Archive for December 31st, 2007

(taken from http://www.ntop.org)

Ntop is a network traffic monitor that shows network usage. It displays a list of hosts that are currently using the network and reports information about the (IP and non-IP) traffic generated and received by each host. It is similar to what the popular Unix top command does.

Ntop may operate as a front-end collector (sFlow and/or NetFlow plugins) or as a standalone collector/display program. A web browser is needed to access the information captured by ntop. Users can navigate through the traffic information served by ntop (which acts as a web server) and get a dump of the network status. It looks like an agent with an embedded web interface.

Ntop needs only limited configuration and administration, done via the web interface, and has low CPU and memory usage. It’s easy to use and suitable for monitoring various kinds of networks.

What can ntop do for me?

  • Sort network traffic according to many protocols

  • Show network traffic sorted according to various criteria

  • Display traffic statistics

  • Store on disk persistent traffic statistics in RRD format

  • Identify the identity (e.g. email address) of computer users

  • Passively (i.e. without sending probe packets) identify the host OS

  • Show IP traffic distribution among the various protocols

  • Analyse IP traffic and sort it according to the source/destination

  • Display IP Traffic Subnet matrix (who’s talking to who?)

  • Report IP protocol usage sorted by protocol type

  • Act as a NetFlow / sFlow collector for flows generated by routers

  • Produce RMON-like network traffic statistics

It has been developed by Luca Deri, an Italian research scientist and network manager at the University of Pisa.

taufanlubis@toshiba:~$ sudo apt-get install ntop

Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
libgd2-noxpm libpcap0.7
Suggested packages:
libgd-tools graphviz
The following NEW packages will be installed:
libgd2-noxpm libpcap0.7 ntop
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 3161kB of archives.
After unpacking 12.4MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://archive.ubuntu.com gutsy/main libgd2-noxpm 2.0.34-1ubuntu1 [317kB]
Get:2 http://archive.ubuntu.com gutsy/universe libpcap0.7 0.7.2-7build1 [71.3kB]
Get:3 http://archive.ubuntu.com gutsy/universe ntop 3:3.2-10.1 [2773kB]
Fetched 3161kB in 1m4s (49.0kB/s)
Preconfiguring packages …
Selecting previously deselected package libgd2-noxpm.
(Reading database … 126317 files and directories currently installed.)
Unpacking libgd2-noxpm (from …/libgd2-noxpm_2.0.34-1ubuntu1_i386.deb) …
Selecting previously deselected package libpcap0.7.
Unpacking libpcap0.7 (from …/libpcap0.7_0.7.2-7build1_i386.deb) …
Selecting previously deselected package ntop.
Unpacking ntop (from …/ntop_3%3a3.2-10.1_i386.deb) …
Setting up libgd2-noxpm (2.0.34-1ubuntu1) …
Setting up libpcap0.7 (0.7.2-7build1) …
Setting up ntop (3:3.2-10.1) …
Adding system user: ntop.
Warning: The home dir you specified already exists.
Adding system user `ntop’ (UID 110) …
Adding new group `ntop’ (GID 122) …
Adding new user `ntop’ (UID 110) with group `ntop’ …
The home directory `/var/lib/ntop’ already exists. Not copying from `/etc/skel’.
adduser: Warning: that home directory does not belong to the user you are currently creating.
Starting network top daemon: Sat Dec 8 08:01:32 2007 NOTE: Interface merge enabled by default
Sat Dec 8 08:01:32 2007 Initializing gdbm databases
Processing triggers for libc6 …
ldconfig deferred processing now taking place



To open ntop in your web browser, type ‘localhost:3000’ in the address bar.
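Since ntop serves the captured traffic data from its embedded web server on port 3000, it helps to confirm which address that port is bound to after installation. The following is an added example, not part of the original post or of ntop itself: it assumes the `ss` tool from iproute2 is available, the function names are hypothetical, and the sample `ss -ltn` output is constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a TCP port is bound to loopback only or to
# addresses other hosts can reach. Live use: ss -ltn | exposure_summary 3000

# classify_listeners PORT: reads `ss -ltn` text on stdin and prints
# "<local-address> loopback|exposed" for each listening socket on PORT.
classify_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                         # "Local Address:Port" column
            n = split(la, parts, ":")
            if (parts[n] != port) next      # port is the text after the last ":"
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
            print addr, scope
        }'
}

# exposure_summary PORT: prints "closed" if nothing listens on PORT,
# "exposed" if any socket is bound to a non-loopback address, else "loopback".
exposure_summary() {
    result=$(classify_listeners "$1")
    if [ -z "$result" ]; then
        echo closed
    elif printf '%s\n' "$result" | grep -q ' exposed$'; then
        echo exposed
    else
        echo loopback
    fi
}

# Constructed sample: port 3000 bound to every interface.
SAMPLE_ALL_INTERFACES='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:3000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# Constructed sample: port 3000 bound to loopback only.
SAMPLE_LOOPBACK_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3000     0.0.0.0:*
LISTEN 0      128    [::1]:3000         [::]:*'

printf '%s\n' "$SAMPLE_ALL_INTERFACES" | exposure_summary 3000
printf '%s\n' "$SAMPLE_LOOPBACK_ONLY" | exposure_summary 3000
```

A result of `exposed` means the ntop pages are reachable from other hosts unless a firewall blocks the port.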

