See who’s doing what on your network over time with ntop.

If you’re looking for real-time network statistics, check out the terrific ntop tool (http://www.ntop.org). It is a full-featured protocol analyzer with a web frontend, complete with SSL and graphing support. Unfortunately, ntop isn’t exactly lightweight (the precise amount of resources required depend on the size of your network and the volume of network traffic), but it can give you a very nice picture of who’s talking to whom on your network.

ntop needs to run initially as root (to throw your interfaces into promiscuous mode and start capturing packets), but then releases its privileges to a user that you specify. If you decide to run ntop for long periods of time, you’ll probably be happiest running it on a dedicated monitoring box (with few other services running on it, for security and performance reasons).

Here’s a quick reference on how to get ntop up and running. First, create an ntop user and group:

# groupadd ntop
# useradd -c "ntop user" -d /usr/local/etc/ntop \
            -s /bin/true -g ntop ntop

Then unpack and build ntop per the instructions in docs/BUILD-NTOP.txt. I assume that you have the source tree unpacked in /usr/local/src/ntop-2.1.3/.

Create a directory for ntop to keep its capture database in:

# mkdir /usr/local/etc/ntop

Note that it should be owned by root, and not by the ntop user.

If you’d like to use SSL for HTTPS (instead of standard HTTP), then copy the default SSL key to ...