Ntopng is a high-speed, web-based traffic analysis and flow collection tool. Ntopng is based on ntop. It runs on every Unix platform, MacOS X and Windows.
Features
According to the ntopng website, some of the features are:
- Sort network traffic according to many protocols
- Show network traffic and IPv4/v6 active hosts
- Store on disk persistent traffic statistics in RRD format
- Geolocate hosts
- Discover application protocols by leveraging on nDPI, ntop’s DPI framework
- Show IP traffic distribution among the various protocols
- Analyse IP traffic and sort it according to the source/destination
- Display IP Traffic Subnet matrix (who’s talking to who?)
- Report IP protocol usage sorted by protocol type
- Produce HTML5/AJAX network traffic statistics
Installation
Ntop is available as pre-compiled packages for 64-bit CentOS and Ubuntu. You can find the packages on their download page. For a 32-bit operating system, you have to compile it from source. This article was tested on CentOS 6.4 32-bit, but it may also work on other versions of CentOS / RedHat based Linux. Let's start.
Prerequisites
Development Tools
Make sure that you have all the development tools needed to compile ntopng. To install them, use the yum command:
# yum groupinstall 'Development Tools'
Install TCL
# yum install tcl
Install libpcap
# yum install libpcap libpcap-devel
Install Redis
# wget http://redis.googlecode.com/files/redis-2.6.13.tar.gz
# tar zxfv redis-2.6.13.tar.gz
# cd redis-2.6.13
# make 32bit
# make test
# make install
Install ntopng
Method 1:
# wget -O ntopng-1.1_6932.tgz http://sourceforge.net/projects/ntop/files/ntopng/ntopng-1.1_6932.tgz/download
# tar zxfv ntopng-1.1_6932.tgz
# cd ntopng-1.1_6932
# ./configure
# make
# make install
Method 2:
On my CentOS 6.4, I got an error message when using Method 1. Here's the error message:
./third-party/LuaJIT-2.0.2/src/libluajit.a : could not read symbols : File in wrong format
So I switched to installing it from SVN. An Internet connection is required for this installation method. Here are the steps:
# svn co https://svn.ntop.org/svn/ntop/trunk/ntopng/
# cd ntopng
# ./autogen.sh
# ./configure
# make
# make install
Since ntopng is a web-based application, your system must have a working web server installed.
Create configuration files for ntopng
If everything is installed, it's time to run it. By default, redis and ntopng are installed under /usr/local/ unless we change the installation folder explicitly in the ./configure step. Next we need to create the configuration files for ntopng. In this article we use vi as the text editor. You can use your favorite text editor to create the ntopng configuration files.
# cd /usr/local/etc
# mkdir ntopng
# cd ntopng
# vi ntopng.start
Put these lines :
--local-network "10.0.2.0/24"
--interface 1
# vi ntopng.pid
Put this line :
-G=/var/run/ntopng.pid
Save those files and we can continue to the next step.
Run ntopng
We assume that you have installed the web server correctly. The next step is to run the redis server.
# /usr/local/bin/redis-server
Then run ntopng
# /usr/local/bin/ntopng
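Started with no configuration file as above, redis-server uses its defaults: it listens on every interface on port 6379 with no password, while ntopng serves its web UI on port 3000. The check below is an added example, not part of the original article; it reads `netstat -ltn` or `ss -ltn` output and flags either port when it is bound to a wildcard address. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Function names and the sample listing
# are constructed for illustration.

# Reads `netstat -ltn` or `ss -ltn` output on stdin; prints "<port> <address>"
# for Redis (6379) or the ntopng UI (3000) when bound to a wildcard address.
exposed_listeners() {
    awk '
        $1 ~ /^tcp/ || $1 == "LISTEN" {
            addr = $4                      # local address:port in both tools
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            wildcard = (host == "0.0.0.0" || host == "::" || host == "[::]" || host == "*")
            if (wildcard && (port == "6379" || port == "3000"))
                print port, host
        }'
}

# Prints one finding per exposed service; returns 1 if anything was flagged.
audit_listeners() {
    found=$(exposed_listeners)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found" | while read -r port host; do
        case "$port" in
            6379) echo "redis on $host:$port (no password by default): start with 'redis-server --bind 127.0.0.1'" ;;
            3000) echo "ntopng UI on $host:$port: firewall the port and change the admin/admin login" ;;
        esac
    done
    return 1
}

# Constructed sample of `netstat -ltn` output after the two "Run" commands.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:6379     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:3000     0.0.0.0:*        LISTEN'

printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners || true
# On a live host: netstat -ltn | audit_listeners
```

A listener on 127.0.0.1:6379 passes the check, because ntopng only needs to reach Redis locally.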
Testing ntopng
Now you can test your ntopng application by opening http://yourserver.name:3000 in your browser. You will see the ntopng login page. The first time, you can log in with user 'admin' and password 'admin'.
The dashboard is quite simple. After you log in, you will see information about Top Flow Talkers.
If you click the Flows menu at the top right, ntopng will show you more detail about Active Flows.
On the Hosts menu, you can see all hosts which are connected to the flows.
If you click Hosts > Interactions, ntop will show you a nice graphic of the interactions that happen between them.
The Dashboard menu consists of:
- Top Hosts (Send+Receive)
- Top Application Protocol
The Interfaces menu brings you more menus inside. The Packets menu shows you the size distribution of packets.
The Protocols menu gives you information about how many protocols have been used and their percentages.
You can also see the activity by using the Historical Activity menu.
Last but not least, you can also manage the users who can access ntopng via the Settings menu in the top right area (the one that has a gear icon). Then click Manage Users.
Ntopng provides you with a wide range of timeframes, from every 5 minutes up to 1 year. You just need to click the timeframe you want to show. The graphic itself is clickable. You can click it to zoom in.
Of course, ntopng is more than just the pictures above. You can also integrate it with GeoLocation and GeoMap services. From the ntopng website itself, there is a paid module such as nprobe to enrich the information provided by ntopng. For more detailed usage of ntopng, please visit the ntopng website.
It was an absolutely new tool to monitor the system. Thank you for the detailed description of its installation. I will consider it and try to compare with my tool Anturis.
Thank you very much.
We are glad if this article can help you.
Hello,
Everything works, but the admin menu doesn't appear. (like you)
Is that normal?
Thanks
Hi Kixz,
May I know the admin menu you mean?
On my ntopng server, when I logged in as admin, I have Home, Flows, Hosts and Interfaces menu at the top right area.
Hi there,
I've already set up ntopng on my Ubuntu 12.04 LTS machine. I just want to ask what will be the setup for the ISP (Public IP address)?
Also, how to set up ntopng to show VLANs Bandwidth usage?
Thanks in advance!
Hi Chovron,
To monitor a public IP address, you can fill in this line --local-network "your_public_ip_address" in your ntopng.start file. Ntopng will see it as your local network.
About VLAN traffic, I have not tested it yet but ntopng has the -m option. With this option, you can list your VLAN networks, and ntopng should treat them as local networks. I hope this helps.
Thank you
Hi Pungki,
Thank you for your answer.
Here's my scenario: I have Zentyal UTM for Network Infrastructure Management, I created multiple VLANs, I have 2 ISPs and I also have a Cisco switch for the distribution of different VLANs. My ntopng is set up on VMware and connected to one of my VLANs. My question is how to monitor my 2 ISPs? Is it possible to monitor the 2 ISPs (Public IP address)?
Also, where do you set up your ntopng? Is it set up after your ISP?
Is it possible to integrate ntopng on Zentyal? Will it monitor all the Bandwidth usage?
Sorry for the questions. I'd really appreciate your help!
Thanks,
Chovron
Hi Chovron
Ntopng can monitor more than 1 IP address. On ntopng.start file, we can put the local-network parameter more than 1. Also put the interfaces. The number of interfaces comes from your available eth on your server, where ntopng is installed.
To add VLAN subnet, we can use -m option. For example: ntopng -m 10.0.76.0/24,10.0.77.0/24
Yes, I set up ntopng after my ISP. I have never used Zentyal before, but I believe that we can integrate ntopng with Zentyal Linux.
I don't think ntopng will monitor bandwidth usage. Ntopng is a network monitoring analysis. So I think I won't get result like MRTG or Bandwidthd.
I hope this helps.
Thanks :)
Hi Pungki,
Why is the "make" command not working? I've already installed the libpcap(-dev).
I'm on this step right now:
# svn co https://svn.ntop.org/svn/ntop/trunk/ntopng/
# ./autogen.sh
# ./configure
# make
# make install
Here's the log:
Now run ./configure
[root@ntopng ntopng]# ./configure
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking how to run the C preprocessor... gcc -E
checking for PF_RING source installed in /root/PF_RING... checking for pcap_open_live in -lpcap... no
Please install libpcap(-dev) (http://tcpdump.org)
Thanks,
Chovron
Hi Chovron
May I know what Linux you use?
On CentOS, I used "yum install libpcap-devel" while on Ubuntu based Linux I used "sudo apt-get install libpcap-dev" (without quotes). But if you want to install manually, these steps may help. http://www.question-defense.com/2010/07/07/install-newest-libpcap-version-on-centos-linux
Help me, please
When I run ntopng I get these errors.
----------
17/Mar/2014 15:32:31 [Lua.cpp:2042] WARNING: Script failure [/usr/local/share/ntopng/scripts/callbacks/second.lua][/usr/local/share/ntopng/scripts/callbacks/second.lua:46: /var/tmp/ntopng/eth0/rrd/bytes.rrd: illegal attempt to update using time 1395041551 when last update time is 1395054757 (minimum one second step)]
----------------
Can someone teach me how to fix it? Thanks
I am trying to install NTOPNG using the following link:
http://www.nmon.net/centos/
but every time I tried I got the following message:
#yum install pfring n2disk nProbe ntopng ntopng-data nbox
http://www.nmon.net/centos/6/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: ntop. Please verify its path and try again
Please help to install ntopng using RPM.
Thanks in advance
Hi Ashikur,
Just wondering if you managed to solve the problem, I am experiencing the same issue.
Check the URL path using links, lynx, etc., and drill down until you find repomd.xml. Then make the correction to your repo file.
Hi Ashikur Rahman,
I think the link to the rpm must be down. I successfully installed ntopng last week but now I am getting the same problem as you. Hope they will fix it soon.
Still getting the same error using the following link
http://www.nmon.net/centos/
Please update who is successful using the yum repo.
Thanks in advance.