Install ntop on Red Hat Enterprise Linux / CentOS Linux
Q. ntop is a network probe that shows network usage in a way similar to what top does for processes. How do I install latest version of ntop on RHEL 5.x systems?
A. ntop is a network and traffic analyzer that provides a wealth of information on various networking hosts and protocols. ntop is primarily accessed via a built-in web interface.
Following instructions are tested on 32/64 bit versions only:
a) RHEL Linux 5.x
b) CentOS Linux 5.x
Download latest ntop
Visit ntop project to grab latest version. You can use wget to grab the same, enter:
# cd /opt
# wget http://freshmeat.net/redir/ntop/7279/url_tgz/ntop-3.3.6.tar.gz
Untar tar ball, enter:
# tar -zxvf ntop-3.3.6.tar.gz
Configure and Compile ntop under RHEL
You must have RRDTool installed. You also need to install libpcap, enter:
# yum install libpcap-devel libpcap
Type the following commands to compile and install ntop:
# cd ntop
# ./autogen.sh
Just type make to compile ntop:
# make
Just type make install to install ntop:
# make install
# make install-data-as
Create ntop user
Type the following command to run ntop as ntop user, enter:
# useradd -M -s /sbin/nologin -r ntop
Setup directory permissions
Next, you need to setup directory permissions, enter:
# chown ntop:root /usr/local/var/ntop/
# chown ntop:ntop /usr/local/share/ntop/
Setup ntop user admin password
Type the following command to set ntop admin password, enter:
# ntop -A
Sample output:
Mon Jul 28 03:38:34 2008 NOTE: Interface merge enabled by default Mon Jul 28 03:38:34 2008 Initializing gdbm databases ntop startup - waiting for user response! Please enter the password for the admin user: Please enter the password again: Mon Jul 28 03:38:42 2008 Admin user password has been set
Start ntop
Type the following command to start ntop:
# /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Sample output:
Mon Jul 28 03:42:19 2008 NOTE: Interface merge enabled by default Mon Jul 28 03:42:19 2008 Initializing gdbm databases
If you have multiple interface (eth0, eth1 and so on), start ntop as follows:
# /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Where,
- -i "eth0,eth1" : Specifies the network interface or interfaces to be used by ntop for network monitoring. Here you are monitoring eth0 and eth1.
- -d : Run ntop as a daemon.
- -L : Send all log messages to the system log (/var/log/messages) instead of screen.
- -u ntop : Start ntop as ntop user
- -P /usr/local/var/ntop : Specify where ntop stores database files. You may need to backup database as part of your disaster recovery program.
- --skip-version-check : By default, ntop accesses a remote file to periodically check if the most current version is running. This option disables that check.
- --use-syslog=daemon : Use syslog daemon.
How do I view ntop stats?
By default ntop listen on 3000 port. You can view ntop stats by visiting following url:
http://localhost:3000/
OR
http://server-ip:3000/

(Fig.01: ntop Global TCP/UDP Protocol Distribution Graphs [click to enlarge])

(Fig.02: Network Load Statistics (click to enlarge])
Open port 3000 using iptables
Open /etc/sysconfig/iptables file, enter:
# vi /etc/sysconfig/iptables
Append following code before final REJECT line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
Save and close the file. Restart firewall:
# service iptables restart
How do I view ntop stats without opening port 3000?
Setup simple tunnel using ssh, enter the following on your local UNIX / Linux desktop system:
$ ssh -L 3000:localhost:3000 -N -f user@server.yourcorp.com
Now open browser and type the following command:
http://localhost:3000/
How do I start ntop on boot?
Open /etc/rc.local file, enter:
# vi /etc/rc.local
Append the following line:
/usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Save and close the file.
How do I stop ntop?
Use web interface to shutdown ntop, or use normal kill / killall command:
# killall ntop
Further readings:
- ntop man page
- ntop project
E-mail this to a friend
Printable version
Related Other Helpful FAQs:
- Linux Failure (4322): Configuration Initialization Failed - Error and Solution
- Red Hat Enterprise Linux / CentOS Linux Enable EPEL (Extra Packages for Enterprise Linux) Repository
- Debian / Ubuntu Linux Install ntop To See Network Usage / Network Status
- Install Language support in CentOS 5 or Red Hat Enterprise Linux
- How do I install or upgrade an RPM file or package under Red Hat / Fedora / Suse Linux?
Discussion on This FAQ
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: /etc/rc.local, centos ntop, load statistics, media access control, network traffic load, network traffic monitoring, network traffic monitoring software, network traffic monitoring tool, network traffic monitoring tools, network traffic monitors, ntop, redhat ntop, rhel ntop, statistics network, traffic analyzer




July 29th, 2008 at 11:58 am
Thanks for the wonderful post Vivek. I have tried this out and it works flawlessly.
Maybe you need to mention that the installation of gdbm-devel as by default, I could not find that on the server. The other requirements are libtool automake autoconf.
So maybe someone would require to use this command as well:-
# yum install libtool automake autoconf gdbm-devel
July 29th, 2008 at 12:28 pm
Gagan,
No problem. Yes, deps may vary from one installation to other.
I appropriate your post.
July 29th, 2008 at 12:44 pm
Under the Centos5 you can install ntop natively by using rpmforge and epel repos.
I just enter the command:
“yum install ntop”
and voilĂ .) :
Resolving Dependencies
–> Running transaction check
—> Package ntop.i386 0:3.3.6-1.el5.rf set to be updated
–> Processing Dependency: librrd_th.so.2 for package: ntop
–> Running transaction check
—> Package rrdtool.i386 0:1.2.27-3.el5 set to be updated
–> Finished Dependency Resolution
===8<—–
Installed: ntop.i386 0:3.3.6-1.el5.rf
Dependency Installed: rrdtool.i386 0:1.2.27-3.el5
Complete!
July 29th, 2008 at 12:46 pm
dot22,
Thanks for pointing out rpmforge repos. I generally don’t mix 3rd party repos with RHEL (as I might break their TOS). But under CentOS I don’t mind using rpmforge.