Posted by: jasonk2600 | November 21, 2009

Network Traffic Monitoring with nTop

Installation

Configure and install nTop from the ports collection.  NOTE:  Be sure to activate the PCAP_PORT configuration option when configuring the nTop port.  Any other dependency ports can use their default configurations or can be modified if needed.  This document only makes use of the default configurations of dependencies.

# echo "WITH_PCAP_PORT=YES" >> /etc/make.conf
# cd /usr/ports/net/ntop
# make config
# make install clean
    ....[ Lots of Output ]....
# rehash

 

Configuration

Set the nTop admin user password.

# /usr/local/bin/ntop -u nobody -A
Sat Nov 21 10:52:08 2009  NOTE: Interface merge enabled by default
Sat Nov 21 10:52:08 2009  Initializing gdbm databases


ntop startup - waiting for user response!


Please enter the password for the admin user:
Please enter the password again:
Sat Nov 21 10:52:14 2009  Admin user password has been set

Next, configure nTop to automatically start at system boot and start nTop for the first time.

# echo "ntop_enable=YES" >> /etc/rc.conf
# /usr/local/etc/rc.d/ntop start
Starting ntop.
Sat Nov 21 11:00:18 2009  NOTE: Interface merge enabled by default
Sat Nov 21 11:00:18 2009  Initializing gdbm databases  

 

Testing

To test nTop, generate some random traffic to the newly set up system running nTop. This can be done by simply pinging the host from a couple of different hosts. The next step is to verify that nTop is seeing the network traffic. Open a web browser and point it at the address of the system running nTop on port 3000. For example, if the address of the system running nTop is 192.168.1.2, then you would point your Web browser at http://192.168.1.2:3000/.

NOTE:  You may also want to configure the nTop Web interface to use SSL.  Go to the nTop Web interface and select the Admin –> Configure –> Startup Options menu item.  Set the HTTPS Server (-W) option to use a TCP port that is different from the HTTP Server (-w) port.  For example, set the HTTPS Server (-W) field to 3001.  Click the Save Prefs button and restart nTop.

# /usr/local/etc/rc.d/ntop restart

Finally, point your Web browser to the address of your nTop system using port 3001.  NOTE:  Your Web browser may display a warning that the digital certificate may be invalid.  You may safely ignore this warning and continue to the nTop Web interface.
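To confirm from the nTop host itself that the HTTP (3000) and HTTPS (3001) listeners are both up, and to see which address each is bound to, the following added example (not part of the original post) parses `sockstat -4 -l` output. The sample output, its PIDs and user, and the function names `ntop_listeners` and `check_ntop_ports` are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which TCP ports ntop is listening on, reading
# `sockstat -4 -l` output on stdin (COMMAND is column 2, LOCAL ADDRESS column 6).

# Constructed sample of `sockstat -4 -l` output; user, PIDs and fds are made up.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   4  tcp4   *:22                  *:*
nobody   ntop       1490  7  tcp4   *:3000                *:*
nobody   ntop       1490  8  tcp4   *:3001                *:*'

# Print "bind_address port" for every TCP socket owned by a process named ntop.
ntop_listeners() {
    awk '$2 == "ntop" && $5 ~ /^tcp/ {
        n = split($6, a, ":")          # port is the last colon-separated field
        port = a[n]
        addr = substr($6, 1, length($6) - length(port) - 1)
        print addr, port
    }'
}

# Return 0 only if ntop listens on every port given as an argument.
# Reports the bind address on stderr; a wildcard bind means the web
# interface is reachable on every interface of the host.
check_ntop_ports() {
    listeners=$(ntop_listeners)
    rc=0
    for want in "$@"; do
        line=$(printf '%s\n' "$listeners" | awk -v p="$want" '$2 == p { print; exit }')
        if [ -z "$line" ]; then
            echo "ntop is NOT listening on port $want" >&2
            rc=1
        else
            case $line in
                '* '*) echo "port $want: bound to all interfaces" >&2 ;;
                *)     echo "port $want: bound to ${line% *}" >&2 ;;
            esac
        fi
    done
    return $rc
}

# Live use on the ntop host:  sockstat -4 -l | check_ntop_ports 3000 3001
```

If port 3001 is reported missing after the restart, the HTTPS Server (-W) preference was not saved or nTop did not pick it up.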

 

  [EoF]