Debian / Ubuntu Linux Install ntop To See Network Usage / Network Status

by on July 14, 2008 · 26 comments· LAST UPDATED July 28, 2008

in , ,

Q. How do I track my network usage (network usage monitoring) and protocol wise distribution of traffic under Debian Linux? How do I get a complete picture of network activity?

A. ntop is the best tool to see network usage in a way similar to what top command does for processes i.e. it is network traffic monitoring software. You can see network status, protocol wise distribution of traffic for UDP, TCP, DNS, HTTP and other protocols.

ntop is a hybrid layer 2 / layer 3 network monitor, that is by default it uses the layer 2 Media Access Control (MAC) addresses AND the layer 3 tcp/ip addresses. ntop is capable of associating the two, so that ip and non-ip traffic (e.g. arp, rarp) are combined for a complete picture of network activity.

ntop is a network probe that showsIn interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating a HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, a HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.Network Load Statistics

How do I install ntop under Debian / Ubuntu Linux?

Type the following commands, enter:
$ sudo apt-get update
$ sudo apt-get install ntop

Sample output:

Reading package lists... Done
Building dependency tree... Done
Suggested packages:
  graphviz
The following NEW packages will be installed:
  ntop
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/2859kB of archives.
After unpacking 12.1MB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package ntop.
(Reading database ... 27301 files and directories currently installed.)
Unpacking ntop (from .../ntop_3%3a3.2-8_amd64.deb) ...
Setting up ntop (3.2-8) ...
Starting network top daemon: Fri Jul 11 14:36:45 2008  NOTE: Interface merge enabled by default
Fri Jul 11 14:36:45 2008  Initializing gdbm databases
ntop

Set ntop admin user password

Type the following command to set password, enter:
# /usr/sbin/ntop -A
OR
$ sudo /usr/sbin/ntop -A
Sample output:

Fri Jul 11 14:36:52 2008  NOTE: Interface merge enabled by default
Fri Jul 11 14:36:52 2008  Initializing gdbm databases
ntop startup - waiting for user response!
Please enter the password for the admin user: [Type-yourPassord]
Please enter the password again:  [Type-yourPassord]
Fri Jul 11 14:36:59 2008  Admin user password has been set

Restart ntop service

Type the following command, enter:
# /etc/init.d/ntop restart
Verify ntop is working, enter:
# netstat -tulpn | grep :3000
ntop by default use 3000 port to display network usage via webbrowser.

How do I view network usage stats?

Type the url:
http://localhost:3000/
OR
http://server-ip:3000/

Sample ntop reports

ntop in action
(Fig.01: ntop Global TCP/UDP Protocol Distribution Graphs [click to enlarge])

(Fig.02: Network Load Statistics (click to enlarge])

Further readings:

  1. man ntop
  2. ntop configuration files located at /etc/ntop/ directory
  3. ntop project
TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 26 comments… read them below or add one }

1 Peter July 15, 2008 at 7:45 am

Perfect post. Thanks for explanation how to install ntop. As always i found what i wanted to know about. Thanks.

Reply

2 vyr October 8, 2008 at 11:56 am

ntop requires man2html. Man2html requires gawk. Gawk again requires man2html. Thats it…

Reply

3 bo May 3, 2009 at 2:53 pm

Can I use ntop to see network traffic per process?

Reply

4 Vivek July 16, 2009 at 9:40 am

Really useful.

Reply

5 Mehdi July 28, 2009 at 3:01 pm

Great stuff.
Thanks a lot.

it was working yesterday but today I keep getting:

gdbm fatal: write error

when I run ntop restart

what is gdbm database and where is it located?

Thanks!

Reply

6 Mehdi July 28, 2009 at 3:08 pm

Oh never mind..
sorry …I think I know what happened. I was doing a backup and I backed up to the / by accident, so I ran out of space.
I believe that is why I got database error.

Thanks!

Reply

7 Mehdi July 28, 2009 at 4:10 pm

Heh Now I have a different Problem.

I ran ntop on this other server but the problem is that this server’s eth0 is not plugged in, instead eth2 is.
Now ntop will NOT work saying eth0 is down!

Is there Any way I could change eth0 to eth2? I looked in the ntop files and could not find any mention of eth0 in those?
Thanks for any advice!

Reply

8 Mehdi July 28, 2009 at 4:48 pm

sorry for replying to myself lol but I accidentally found this by doing a ps ax (for unrelated proc.):
/usr/sbin/ntop -d -L -u ntop -P /var/lib/ntop –skip-version-check -a /var/log/ntop/access.log -i eth0 -p /etc/ntop/protocol.list -O /var/log/ntop

The eth0 caught my attention, may be this command line has something to do with it?

Reply

9 nixCraft July 28, 2009 at 5:29 pm

Replace -i eth0 with -i eth1

Reply

10 Matey July 28, 2009 at 10:32 pm

Thanks a lot Vivek G. for the reply!

Best Regards;

mehdi

Reply

11 mehdi July 29, 2009 at 3:20 pm

Sorry for too many posts but I also found the file where you can change ethX (your NICs specs).
It is here:
/var/lib/ntop/init.cfg

in case anyone has the same problem …..B U T :
This ( netstat -tulpn | grep :3000 ) works great on my workstation but when I run it on my server for some reason it keeps using IP v6 !? (I think this is what it is, so I get a blank web page!

Here’s the exact result;
etc/init.d/ntop restart
Stopping network top daemon: ntop
Starting network top daemon: Wed Jul 29 16:08:05 2009 NOTE: Interface merge enabled by default
Wed Jul 29 16:08:05 2009 Initializing gdbm databases
ntop
THEN:
$netstat -tulpn | grep :3000
tcp6 0 0 :::3000 :::* LISTEN 7022/ntop

Where On My workstation I get this:

$netstat -tulpn | grep :3000
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 27782/ntop

As you can see the last one which works has TCP and the one above it has TCP6 and other differences which I tried to solve by using different ports to no avail.
When I used port 8000 I get a /python result at the end instead of /ntop!

This is a really cool interface and I like to be able to use it anywhere. So hopefully someone will solve this mystery.
Thanks a Lot!
m.

Reply

12 Bill August 30, 2009 at 9:33 am

Has anybody gotten Ntop to run on Ubuntu Jaunty? On reboot it does not start up and it won’t let me change the interface. I have edited /var/lib/ntop/init.cfg and run ntop -u ntop -d. I installed it from the repositories and it does run.

Reply

13 abbas December 8, 2009 at 4:03 pm

Thank you for this subject
im abbas from iri

Reply

14 Bobby December 31, 2009 at 10:51 am

I have been trying to figure out how to get data to dump into mysql. Through the web interface, there exists and option to specify the host/un/pw but it doesn’t seem to be working. Thanks.

Reply

15 Ishrat ali July 26, 2010 at 1:15 pm

I have installed ntop on ubuntu 10.04 , 64bit machine; it was working ok. But now some thing has happen and its giving following errors. Can some one help me out to solve this problem. Following is error message

Please enable make sure that the ntop html/ directory is properly installed

Error 400
The specified request is invalid.
Received request:

“GET / HTTP/1.1″

Reply

16 Joost September 10, 2010 at 9:20 am

@Ishrat ali
Had the same problem. Fixed it with the following commands:
——–
sudo chown -R ntop:ntop /var/lib/ntop/
sudo chown -R ntop:ntop /usr/share/ntop/
sudo ln -s /usr/share/ntop/html /var/lib/ntop/
sudo /etc/init.d/ntop restart
——–
Don’t know what really fixed because I failed to notice it thanks to caching feature of the chrome browser. So either wrong permissions or a lost symbolic link. Or both :)

Reply

17 gopinath September 23, 2010 at 11:28 am

Can some one help me out to solve this problem. Following is error message

Please enable make sure that the ntop html/ directory is properly installed

Error 400
The specified request is invalid.
Received request:

“GET / HTTP/1.1″

Reply

18 ruben October 17, 2010 at 1:53 pm

HI i got the same problem please anyone have idea please, when i run the global stats

-Please enable make sure that the ntop html/ directory is properly installed

Any idea..?

Reply

19 Horace March 26, 2011 at 6:08 pm

I set a password for ntop using “sudo /usr/sbin/ntop -A”
when I try to configure ntop via my browser (firefox) i receive a box asking for
a user name and password. I entered Admin for the user name and my password.

It does not work.

Any ideas?

Linux mint 9 ‘Isadora’

Reply

20 Pomodoro method August 9, 2011 at 11:51 am

darkstat and vnstat are very valid alternative especially on the servers.

Reply

21 XlbrlX August 14, 2011 at 8:04 am

Hey
thanks to your post.
I did everything you said here, but when going to wab_based interface, it doesn’t show anything. All Tables are empty, is it because I run it by the local host? but it doesn’t show even local ports used! :(

Reply

22 Stian January 29, 2012 at 1:15 am

Have set up ntop and everything worked fine until i rebooted!
The service doesn´t start automatically, and when I try “sudo services ntop start” it seems to start but there is nothing on port 3000 (or any other port, and no process in ps aux either). When running “services –status-all” it list “[ ? ] ntop”
But if I run “sudo ntop” everything works fine (except it runs in foreground), any suggestions?
..I would like it to start automatically after reboot and run in background as a service.

Reply

23 UMUT February 18, 2012 at 3:10 am

Unfortunately, this package is not available for Debian any more…

aptitude update
aptitude install ntop
No candidate version found for ntop
No candidate version found for ntop
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.

Reply

24 madasamy July 13, 2012 at 8:43 am

i want find out http request size using ntop.is it possible in ntop?

Reply

25 Kashif April 10, 2014 at 12:02 pm

My ntop is installed but interface is not opening. I have run these commands, even then its not opening:
iptables -F
service iptables stop

Any clue will be appreciated ???

Reply

26 Kashif April 10, 2014 at 12:02 pm

iptables -F
[root@haditel ~]# service iptables stop

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , ,

Previous Faq:

Next Faq: