≡ Menu

Debian / Ubuntu Linux Install ntop To See Network Usage / Network Status

Q. How do I track my network usage (network usage monitoring) and protocol wise distribution of traffic under Debian Linux? How do I get a complete picture of network activity?

A. ntop is the best tool to see network usage in a way similar to what top command does for processes i.e. it is network traffic monitoring software. You can see network status, protocol wise distribution of traffic for UDP, TCP, DNS, HTTP and other protocols.

ntop is a hybrid layer 2 / layer 3 network monitor, that is by default it uses the layer 2 Media Access Control (MAC) addresses AND the layer 3 tcp/ip addresses. ntop is capable of associating the two, so that ip and non-ip traffic (e.g. arp, rarp) are combined for a complete picture of network activity.

ntop is a network probe that showsIn interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating a HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, a HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.Network Load Statistics

How do I install ntop under Debian / Ubuntu Linux?

Type the following commands, enter:
$ sudo apt-get update
$ sudo apt-get install ntop

Sample output:

Reading package lists... Done
Building dependency tree... Done
Suggested packages:
  graphviz
The following NEW packages will be installed:
  ntop
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/2859kB of archives.
After unpacking 12.1MB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package ntop.
(Reading database ... 27301 files and directories currently installed.)
Unpacking ntop (from .../ntop_3%3a3.2-8_amd64.deb) ...
Setting up ntop (3.2-8) ...
Starting network top daemon: Fri Jul 11 14:36:45 2008  NOTE: Interface merge enabled by default
Fri Jul 11 14:36:45 2008  Initializing gdbm databases
ntop

Set ntop admin user password

Type the following command to set password, enter:
# /usr/sbin/ntop -A
OR
$ sudo /usr/sbin/ntop -A
Sample output:

Fri Jul 11 14:36:52 2008  NOTE: Interface merge enabled by default
Fri Jul 11 14:36:52 2008  Initializing gdbm databases
ntop startup - waiting for user response!
Please enter the password for the admin user: [Type-yourPassord]
Please enter the password again:  [Type-yourPassord]
Fri Jul 11 14:36:59 2008  Admin user password has been set

Restart ntop service

Type the following command, enter:
# /etc/init.d/ntop restart
Verify ntop is working, enter:
# netstat -tulpn | grep :3000
ntop by default use 3000 port to display network usage via webbrowser.

How do I view network usage stats?

Type the url:
http://localhost:3000/
OR
http://server-ip:3000/

Sample ntop reports

ntop in action
(Fig.01: ntop Global TCP/UDP Protocol Distribution Graphs [click to enlarge])

(Fig.02: Network Load Statistics (click to enlarge])

Further readings:

  1. man ntop
  2. ntop configuration files located at /etc/ntop/ directory
  3. ntop project

{ 28 comments… add one }

  • Peter July 15, 2008, 7:45 am

    Perfect post. Thanks for explanation how to install ntop. As always i found what i wanted to know about. Thanks.

  • vyr October 8, 2008, 11:56 am

    ntop requires man2html. Man2html requires gawk. Gawk again requires man2html. Thats it…

  • bo May 3, 2009, 2:53 pm

    Can I use ntop to see network traffic per process?

  • Vivek July 16, 2009, 9:40 am

    Really useful.

  • Mehdi July 28, 2009, 3:01 pm

    Great stuff.
    Thanks a lot.

    it was working yesterday but today I keep getting:

    gdbm fatal: write error

    when I run ntop restart

    what is gdbm database and where is it located?

    Thanks!

  • Mehdi July 28, 2009, 3:08 pm

    Oh never mind..
    sorry …I think I know what happened. I was doing a backup and I backed up to the / by accident, so I ran out of space.
    I believe that is why I got database error.

    Thanks!

  • Mehdi July 28, 2009, 4:10 pm

    Heh Now I have a different Problem.

    I ran ntop on this other server but the problem is that this server’s eth0 is not plugged in, instead eth2 is.
    Now ntop will NOT work saying eth0 is down!

    Is there Any way I could change eth0 to eth2? I looked in the ntop files and could not find any mention of eth0 in those?
    Thanks for any advice!

  • Mehdi July 28, 2009, 4:48 pm

    sorry for replying to myself lol but I accidentally found this by doing a ps ax (for unrelated proc.):
    /usr/sbin/ntop -d -L -u ntop -P /var/lib/ntop –skip-version-check -a /var/log/ntop/access.log -i eth0 -p /etc/ntop/protocol.list -O /var/log/ntop

    The eth0 caught my attention, may be this command line has something to do with it?

  • Matey July 28, 2009, 10:32 pm

    Thanks a lot Vivek G. for the reply!

    Best Regards;

    mehdi

  • mehdi July 29, 2009, 3:20 pm

    Sorry for too many posts but I also found the file where you can change ethX (your NICs specs).
    It is here:
    /var/lib/ntop/init.cfg

    in case anyone has the same problem …..B U T :
    This ( netstat -tulpn | grep :3000 ) works great on my workstation but when I run it on my server for some reason it keeps using IP v6 !? (I think this is what it is, so I get a blank web page!

    Here’s the exact result;
    etc/init.d/ntop restart
    Stopping network top daemon: ntop
    Starting network top daemon: Wed Jul 29 16:08:05 2009 NOTE: Interface merge enabled by default
    Wed Jul 29 16:08:05 2009 Initializing gdbm databases
    ntop
    THEN:
    $netstat -tulpn | grep :3000
    tcp6 0 0 :::3000 :::* LISTEN 7022/ntop

    Where On My workstation I get this:

    $netstat -tulpn | grep :3000
    tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 27782/ntop

    As you can see the last one which works has TCP and the one above it has TCP6 and other differences which I tried to solve by using different ports to no avail.
    When I used port 8000 I get a /python result at the end instead of /ntop!

    This is a really cool interface and I like to be able to use it anywhere. So hopefully someone will solve this mystery.
    Thanks a Lot!
    m.

  • Bill August 30, 2009, 9:33 am

    Has anybody gotten Ntop to run on Ubuntu Jaunty? On reboot it does not start up and it won’t let me change the interface. I have edited /var/lib/ntop/init.cfg and run ntop -u ntop -d. I installed it from the repositories and it does run.

  • abbas December 8, 2009, 4:03 pm

    Thank you for this subject
    im abbas from iri

  • Bobby December 31, 2009, 10:51 am

    I have been trying to figure out how to get data to dump into mysql. Through the web interface, there exists and option to specify the host/un/pw but it doesn’t seem to be working. Thanks.

  • Ishrat ali July 26, 2010, 1:15 pm

    I have installed ntop on ubuntu 10.04 , 64bit machine; it was working ok. But now some thing has happen and its giving following errors. Can some one help me out to solve this problem. Following is error message

    Please enable make sure that the ntop html/ directory is properly installed

    Error 400
    The specified request is invalid.
    Received request:

    “GET / HTTP/1.1″

    • Joost September 10, 2010, 9:20 am

      @Ishrat ali
      Had the same problem. Fixed it with the following commands:
      ——–
      sudo chown -R ntop:ntop /var/lib/ntop/
      sudo chown -R ntop:ntop /usr/share/ntop/
      sudo ln -s /usr/share/ntop/html /var/lib/ntop/
      sudo /etc/init.d/ntop restart
      ——–
      Don’t know what really fixed because I failed to notice it thanks to caching feature of the chrome browser. So either wrong permissions or a lost symbolic link. Or both :)

  • gopinath September 23, 2010, 11:28 am

    Can some one help me out to solve this problem. Following is error message

    Please enable make sure that the ntop html/ directory is properly installed

    Error 400
    The specified request is invalid.
    Received request:

    “GET / HTTP/1.1″

    • Prakash April 22, 2015, 12:40 pm

      ntop.conf file need to edited to allow access from other IP.

      Edit the /etc/ntop.conf
      from
      # limit ntop to listening on a specific interface and port
      –http-server 127.0.0.1:3000 –https-server 127.0.0.1:3001

      Edited as below.

      # limit ntop to listening on a specific interface and port
      –http-server 0.0.0.0:3000 –https-server 0.0.0.0:3001

  • ruben October 17, 2010, 1:53 pm

    HI i got the same problem please anyone have idea please, when i run the global stats

    -Please enable make sure that the ntop html/ directory is properly installed

    Any idea..?

  • Horace March 26, 2011, 6:08 pm

    I set a password for ntop using “sudo /usr/sbin/ntop -A”
    when I try to configure ntop via my browser (firefox) i receive a box asking for
    a user name and password. I entered Admin for the user name and my password.

    It does not work.

    Any ideas?

    Linux mint 9 ‘Isadora’

  • Pomodoro method August 9, 2011, 11:51 am

    darkstat and vnstat are very valid alternative especially on the servers.

  • XlbrlX August 14, 2011, 8:04 am

    Hey
    thanks to your post.
    I did everything you said here, but when going to wab_based interface, it doesn’t show anything. All Tables are empty, is it because I run it by the local host? but it doesn’t show even local ports used! :(

  • Stian January 29, 2012, 1:15 am

    Have set up ntop and everything worked fine until i rebooted!
    The service doesn´t start automatically, and when I try “sudo services ntop start” it seems to start but there is nothing on port 3000 (or any other port, and no process in ps aux either). When running “services –status-all” it list “[ ? ] ntop”
    But if I run “sudo ntop” everything works fine (except it runs in foreground), any suggestions?
    ..I would like it to start automatically after reboot and run in background as a service.

  • UMUT February 18, 2012, 3:10 am

    Unfortunately, this package is not available for Debian any more…

    aptitude update
    aptitude install ntop
    No candidate version found for ntop
    No candidate version found for ntop
    No packages will be installed, upgraded, or removed.
    0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    Need to get 0 B of archives. After unpacking 0 B will be used.

  • madasamy July 13, 2012, 8:43 am

    i want find out http request size using ntop.is it possible in ntop?

  • Kashif April 10, 2014, 12:02 pm

    My ntop is installed but interface is not opening. I have run these commands, even then its not opening:
    iptables -F
    service iptables stop

    Any clue will be appreciated ???

  • Kashif April 10, 2014, 12:02 pm

    iptables -F
    [root@haditel ~]# service iptables stop

  • zerox September 16, 2014, 8:21 am

    Thanks for this article, it really helped me a lot.

Leave a Comment