heuers.org

What is ntop?

From the ntop homepage:

ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.

ntop users can use a a web browser (e.g. netscape) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of:

* a web interface
* limited configuration and administration via the web interface
* reduced CPU and memory usage (they vary according to network size and traffic)

make ntop easy to use and suitable for monitoring various kind of networks.

Date    : 23.01.2008 (V.1.1)

# apt-get install librrd2 ntop
Define the password for the admin user:

# ntop -u ntop
>> Please enter the password for the admin user:

Setting up ntop (3.2-8) …
Adding system user: ntop.
Warning: The home dir you specified already exists.
Adding system user `ntop’ (UID 104) …
Adding new group `ntop’ (GID 104) …
Adding new user `ntop’ (UID 104) with group `ntop’ …
The home directory `/var/lib/ntop’ already exists.  Not copying from `/etc/skel’.
adduser: Warning: that home directory does not belong to the user you are currently creating.
Starting network top daemon: Fri Dec  7 13:34:59 2007  NOTE: Interface merge enabled by default
Fri Dec  7 13:35:00 2007  Initializing gdbm databases

Your /etc/default/ntop should look like this (if not change it)

# This file will normally include the debconf template but you can disable
# that and use this file only.
. /var/lib/ntop/init.cfg
#GETOPT=”"

then edit

/etc/ntop/protocol.list

and add all ports for example: from your MS-Sql Servers

FTP=ftp|ftp-data,PROXY=3128|8080|8081,HTTP=http|www|https,DNS=name|domain,Telnet=telnet|login,NBios-IP=netbios-ns|netbios-dgm|netbios-ssn,Mail=pop-2|pop-3|kpop|smtp|imap|imap2,SNMP=snmp|snmp-trap,NEWS=nntp,DHCP-BOOTP=67-68,NFS=mount|pcnfs|bwnfs|nfs|nfsd-status,X11=6000-6010,SSH=ssh,Gnutella=6346|6347|6348,Kazaa=1214,WinMX=6699|7730,eDonkey=4661-4665,Messenger=1863|5000|5001|5190-5193,,ICA=1494,RDP=3389,SQL=1433|1262|1365

Restart the ntop damon with

/etc/init.d/ntop restart

Go to http://yourhostip:3000/ to see Ntop in action. Activate the rrdPlugin at Plugins/Round Robin Databases

Goto Admin / Configure and enter your Local Subnet Address (Syntax for example 10.112.94.0/24)

Related posts:

1. How to install Nagios3 on a Debian Lenny Server This tutorial will show you how to install Nagios3 on...
2. Use Linux to secure two Datacore Servers from being infected by viruses A solution if you have the need to support windows...

Related posts brought to you by Yet Another Related Posts Plugin.