Run ntop for Real-Time Network Stats
See who’s doing what on your network over time with ntop.
If you’re
looking for real-time network statistics, check
out the terrific ntop tool (http://www.ntop.org). It is a full-featured
protocol analyzer with a web frontend, complete with SSL and graphing
support. Unfortunately, ntop
isn’t exactly lightweight (the precise
amount of resources required depend on the size of your network and
the volume of network traffic), but it can give you a very nice
picture of who’s talking to whom on your network.
ntop needs to run initially as root (to throw
your interfaces into promiscuous mode and start capturing packets),
but then releases its privileges to a user that you specify. If you
decide to run ntop for long periods of time,
you’ll probably be happiest running it on a
dedicated monitoring box (with few other services running on it, for
security and performance reasons).
Here’s a quick reference on how to get
ntop up and running. First, create an
ntop user and group:
#groupadd ntop#useradd -c "ntop user" -d /usr/local/etc/ntop \-s /bin/true -g ntop ntop
Then unpack and build ntop per the instructions
in docs/BUILD-NTOP.txt. I assume that you have
the source tree unpacked in
/usr/local/src/ntop-2.1.3/.
Create a directory for ntop to keep its capture
database in:
# mkdir /usr/local/etc/ntopNote that it should be owned by root, and not by the
ntop user.
If you’d like to use SSL for HTTPS (instead of standard HTTP), then copy the default SSL key to ...