Ntop - Monitoring tool

Monitoring Linux Network with Ntop

ntop for Linux

ntop is a free monitoring tool for Linux which will show you a list of hosts currently utilising the network. The associated protocols in use are also displayed. Traffic is then displayed in order of hosts / protocol. Supported protocols are: TCP, UDP, ICMP, (R)ARP, DLC, IPsec, Netbios, FTP, HTTP, DNS, Telnet, SMTP, IMAP, POP, SNMP, NFS and X11.

Quick view summaries are available for all Traffic, Hosts, Network Load, Traffic Maps and Network Flows. Here you will find graphical charts and representations of your network and its infrastructure:

ntop historical data

The graph above gives an overview of historical information based on protocol. Here we can see some of the many protocols that can be monitored. ntop allows you to customise this information to your own needs. ntop has its own built-in database where all statistical information (current and historic) is recorded.

The graph below is one of the many throughput graphs available. Information graphs are available for the "Last 10 Minutes", "Last Hour", "Current Day" and "Last Month". The granularity of these graphs can be changed/adjusted to your own needs.

ntop network load

Detailed information can be obtained regarding all "sent" and "received" traffic to and from your network. You can even click to find the geographic location of remote servers and display them on a map!

To use "ntop" on your server you will need to install the necessary programs. For Debian/Ubuntu systems, the following command should install the necessary programs and dependencies:
sudo apt-get install ntop

During installation, you will need to supply a new password for a new admin account that can be used with ntop.
To produce some of the graphs, you will also need to install a program called graphviz. Again, on a Debian/Ubuntu system this can be installed by issuing:
sudo apt-get install graphviz

Under openSUSE the ntop package is available from your repositories. The graphviz package should also be available. In my example, I already have the graphviz package installed:

linux-pd5y:~ # zypper se ntop
Loading repository data...
Reading installed packages...

S | Name | Summary                           | Type
  | ntop | Web-Based Network Traffic Monitor | package
linux-pd5y:~ # zypper se graphviz
Loading repository data...
Reading installed packages...

S | Name            | Summary                                   | Type
i | graphviz        | Graph Visualization Tools                 | package
  | graphviz-devel  | Graphiviz development package             | package
  | graphviz-doc    | Documentation for graphviz                | package
i | graphviz-gd     | Graphviz plugin for renderers based on gd | package
i | graphviz-gnome  | Graphviz plugins that use gtk/GNOME       | package
  | graphviz-guile  | Graph Visualization Tools                 | package
  | graphviz-java   | Graph Visualization Tools                 | package
  | graphviz-lua    | Lua extension for graphviz                | package
  | graphviz-ocaml  | OCAML extension for graphviz              | package
  | graphviz-perl   | Perl extension for Graphviz               | package
  | graphviz-php    | PHP Extension for Graphviz                | package
  | graphviz-python | Python Extension for Graphviz             | package
  | graphviz-ruby   | Ruby Extension for Graphviz               | package
  | graphviz-sharp  | C# Extension for Graphviz                 | package
  | graphviz-tcl    | Tcl extension tools for graphviz          | package
  | perl-GraphViz   | Interface to the GraphViz graphing tool   | package

Once ntop has been installed successfully, you will need to configure a couple of options. You will need to be "root" to make these changes. You can use the editor of your choice (gedit, nano or vi):

If you are using a wireless connection instead of a wired solution, you may wish to add this to the configuration. To do this you will need to add the entry into the interface section of the following file: /var/lib/ntop/init.cfg


Next, we need to add the port number "3001" into the following file: /etc/default/ntop

The line that needs to be added should read: GETOPT="-w 3001"

root@john-desktop:/etc/default# cat ntop
# In order to change the user ntop should run as or the interfaces it should
# listen on, please run:
#    dpkg-reconfigure -plow ntop

# set ENABLED to 0 if you want to avoid ntop being started at system boot

# Additional command line options passed when invoking ntop
# "-n 0" disables DNS resolution, as currently ntop is unstable when
# DNS resolution is enabled
GETOPT="-n 0"
GETOPT="-w 3001"
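
A check on the defaults file listed above, as an added example that is not part of the original page. It assumes the init script sources /etc/default/ntop as shell, in which case only the last GETOPT assignment takes effect, and it uses the address:port form of -w described in ntop's man page; the sample file content is constructed from the listing and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the ntop defaults file shown above.
# Assumption: the init script sources the file as shell.

# Print the GETOPT value left after sourcing the file ($1, a path containing "/").
effective_getopt() {
    ( GETOPT=""; . "$1" >/dev/null 2>&1; printf '%s\n' "$GETOPT" )
}

# Classify where the web UI would listen for a given option string:
#   all-interfaces  -w <port>             (reachable from the network)
#   loopback        -w 127.x.x.x:<port>   (local browser only, IPv4)
#   address         -w <other addr>:<port>
#   unset           no -w option present
web_bind_scope() {
    set -- $1    # deliberate word splitting of the option string
    while [ $# -gt 0 ]; do
        if [ "$1" = "-w" ] && [ $# -ge 2 ]; then
            case "$2" in
                127.*:*) echo loopback ;;
                *:*)     echo address ;;
                *)       echo all-interfaces ;;
            esac
            return 0
        fi
        shift
    done
    echo unset
}

# Constructed sample: the two GETOPT lines from the listing above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
GETOPT="-n 0"
GETOPT="-w 3001"
EOF
opts=$(effective_getopt "$sample")
echo "effective GETOPT: $opts"
echo "web UI scope:     $(web_bind_scope "$opts")"
# Single-line alternative that keeps -n 0 and binds to loopback only.
echo "alternative:      $(web_bind_scope "-n 0 -w 127.0.0.1:3001")"
rm -f "$sample"
```
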

Now, we should be able to start "ntop". Don't worry if "ntop" has already started.

sudo /etc/init.d/ntop start

Now it's time to try "ntop". To view ntop, you will need to use a browser. Open your browser of choice and enter the following address into the address bar: localhost:3001

If all has gone well, you should see the default homepage of ntop. I have created a quick video showing some of the basic functionality that can be found within ntop.

ntop Video Demo of basic functionality

Below is a video that displays some of the basic functionality of the ntop network monitoring tool.