Run ntop for Real-Time Network Stats
See who’s doing what on your network over time with ntop.
If you’re
looking for real-time network statistics, check
out the terrific ntop
tool (http://www.ntop.org). It is a full-featured
protocol analyzer with a web frontend, complete with SSL and graphing
support. Unfortunately, ntop
isn’t exactly lightweight (the precise
amount of resources required depend on the size of your network and
the volume of network traffic), but it can give you a very nice
picture of who’s talking to whom on your network.
ntop
needs to run initially as root (to throw
your interfaces into promiscuous mode and start capturing packets),
but then releases its privileges to a user that you specify. If you
decide to run ntop
for long periods of time,
you’ll probably be happiest running it on a
dedicated monitoring box (with few other services running on it, for
security and performance reasons).
Here’s a quick reference on how to get
ntop
up and running. First, create an
ntop
user and group:
#groupadd ntop
#useradd -c "ntop user" -d /usr/local/etc/ntop \
-s /bin/true -g ntop ntop
Then unpack and build ntop
per the instructions
in docs/BUILD-NTOP.txt
. I assume that you have
the source tree unpacked in
/usr/local/src/ntop-2.1.3/
.
Create a directory for ntop
to keep its capture
database in:
# mkdir /usr/local/etc/ntop
Note that it should be owned by root, and not by the
ntop
user.
If you’d like to use SSL for HTTPS (instead of standard HTTP), then copy the default SSL key to ...
Get Network Security Hacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.