Running ntop for Real-Time Network Stats
See who’s doing what on your network over time with ntop.
If you’re looking for real-time network statistics, you should check out the terrific ntop (http://www.ntop.org/) tool. It is a full-featured protocol analyzer with a web frontend, complete with SSL and GD graphing support. Unfortunately, ntop isn’t exactly lightweight (requiring more resources depending on the size of your network and the volume of Net traffic), but it can give you a very nice picture of who’s talking to whom on your network.
ntop needs to run initially as root (to throw your interfaces into promiscuous mode and start capturing packets), but then releases its privileges to a user that you specify. If you decide to run ntop for long periods of time, you’ll probably be happiest running it on a dedicated monitoring box (with few other services running on it, for security and performance reasons).
Here’s a quick reference for getting ntop up and running. First, create an ntop user and group:
root@gemini:~# groupadd ntop
root@gemini:~# useradd -c "ntop user" -d /usr/local/etc/ntop -s /bin/true -g ntop ntop
Then unpack and build ntop per the instructions in docs/BUILD-NTOP.txt. I assume that you have the source tree unpacked in /usr/local/src/ntop-2.1.3/.
Create a directory for ntop to keep its capture database in:
root@gemini:~# mkdir /usr/local/etc/ntop
(Note that it should be owned by root, and not by the ntop user.)
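Before starting ntop, it is worth confirming that the account and directory created above came out as intended: a non-login shell for the ntop user and a capture directory owned by root. The following check is an added example, not part of the original text; the function names are hypothetical, and treating /bin/false and nologin as acceptable shells and flagging group- or world-writable directories are assumptions beyond what the text states.

```shell
#!/bin/sh
# Added example (not from the original text). Function names are hypothetical.

# check_account USER PASSWD_FILE HOME
# Passes if USER exists with the expected home and a shell that cannot log in.
check_account() {
    entry=$(awk -F: -v u="$1" '$1 == u { print $6 ":" $7 }' "$2")
    [ -n "$entry" ] || { echo "FAIL: no $1 entry in $2"; return 1; }
    home=${entry%%:*}
    shell=${entry#*:}
    [ "$home" = "$3" ] || { echo "FAIL: $1 home is $home, expected $3"; return 1; }
    case "$shell" in
        /bin/true|/bin/false|*/nologin) ;;   # assumption: all are non-login shells
        *) echo "FAIL: $1 has login shell $shell"; return 1 ;;
    esac
    echo "OK: $1 account"
}

# check_dir DIR OWNER_UID
# Passes if DIR exists, is owned by OWNER_UID, and is not writable by
# group or other (so the unprivileged ntop user cannot alter it directly).
check_dir() {
    [ -d "$1" ] || { echo "FAIL: $1 is not a directory"; return 1; }
    [ -n "$(find "$1" -prune -user "$2")" ] ||
        { echo "FAIL: $1 is not owned by uid $2"; return 1; }
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ] ||
        { echo "FAIL: $1 is group- or world-writable"; return 1; }
    echo "OK: $1"
}

# Audit the real system using the paths from the text above.
audit_ntop() {
    check_account ntop /etc/passwd /usr/local/etc/ntop &&
        check_dir /usr/local/etc/ntop 0
}

# Run the audit only when asked: sh thisfile audit
if [ "${1:-}" = "audit" ]; then audit_ntop; fi
```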
If you’d like to use SSL for https ...