Q. How do I track my network usage (network usage monitoring) and protocol wise distribution of traffic under Debian Linux? How do I get a complete picture of network activity?
A. ntop is the best tool to see network usage in a way similar to what top command does for processes i.e. it is network traffic monitoring software. You can see network status, protocol wise distribution of traffic for UDP, TCP, DNS, HTTP and other protocols.
ntop is a hybrid layer 2 / layer 3 network monitor, that is by default it uses the layer 2 Media Access Control (MAC) addresses AND the layer 3 tcp/ip addresses. ntop is capable of associating the two, so that ip and non-ip traffic (e.g. arp, rarp) are combined for a complete picture of network activity.
ntop is a network probe that showsIn interactive mode, it displays the network status on the user’s terminal. In Web mode, it acts as a Web server, creating a HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, a HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.Network Load Statistics
How do I install ntop under Debian / Ubuntu Linux?
Type the following commands, enter:
$ sudo apt-get update
$ sudo apt-get install ntop
Sample output:
Reading package lists... Done Building dependency tree... Done Suggested packages: graphviz The following NEW packages will be installed: ntop 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0B/2859kB of archives. After unpacking 12.1MB of additional disk space will be used. Preconfiguring packages ... Selecting previously deselected package ntop. (Reading database ... 27301 files and directories currently installed.) Unpacking ntop (from .../ntop_3%3a3.2-8_amd64.deb) ... Setting up ntop (3.2-8) ... Starting network top daemon: Fri Jul 11 14:36:45 2008 NOTE: Interface merge enabled by default Fri Jul 11 14:36:45 2008 Initializing gdbm databases ntop
Set ntop admin user password
Type the following command to set password, enter:
# /usr/sbin/ntop -A
OR
$ sudo /usr/sbin/ntop -A
Sample output:
Fri Jul 11 14:36:52 2008 NOTE: Interface merge enabled by default Fri Jul 11 14:36:52 2008 Initializing gdbm databases ntop startup - waiting for user response! Please enter the password for the admin user: [Type-yourPassord] Please enter the password again: [Type-yourPassord] Fri Jul 11 14:36:59 2008 Admin user password has been set
Restart ntop service
Type the following command, enter:
# /etc/init.d/ntop restart
Verify ntop is working, enter:
# netstat -tulpn | grep :3000
ntop by default use 3000 port to display network usage via webbrowser.
How do I view network usage stats?
Type the url:
http://localhost:3000/
OR
http://server-ip:3000/
Sample ntop reports
(Fig.01: ntop Global TCP/UDP Protocol Distribution Graphs [click to enlarge])
(Fig.02: Network Load Statistics (click to enlarge])
Further readings:
- man ntop
- ntop configuration files located at /etc/ntop/ directory
- ntop project
29 comment
Perfect post. Thanks for explanation how to install ntop. As always i found what i wanted to know about. Thanks.
ntop requires man2html. Man2html requires gawk. Gawk again requires man2html. Thats it…
Can I use ntop to see network traffic per process?
Really useful.
Great stuff.
Thanks a lot.
it was working yesterday but today I keep getting:
gdbm fatal: write error
when I run ntop restart
what is gdbm database and where is it located?
Thanks!
Oh never mind..
sorry …I think I know what happened. I was doing a backup and I backed up to the / by accident, so I ran out of space.
I believe that is why I got database error.
Thanks!
Heh Now I have a different Problem.
I ran ntop on this other server but the problem is that this server’s eth0 is not plugged in, instead eth2 is.
Now ntop will NOT work saying eth0 is down!
Is there Any way I could change eth0 to eth2? I looked in the ntop files and could not find any mention of eth0 in those?
Thanks for any advice!
sorry for replying to myself lol but I accidentally found this by doing a ps ax (for unrelated proc.):
/usr/sbin/ntop -d -L -u ntop -P /var/lib/ntop –skip-version-check -a /var/log/ntop/access.log -i eth0 -p /etc/ntop/protocol.list -O /var/log/ntop
The eth0 caught my attention, may be this command line has something to do with it?
Replace -i eth0 with -i eth1
Thanks a lot Vivek G. for the reply!
Best Regards;
mehdi
Sorry for too many posts but I also found the file where you can change ethX (your NICs specs).
It is here:
/var/lib/ntop/init.cfg
in case anyone has the same problem …..B U T :
This ( netstat -tulpn | grep :3000 ) works great on my workstation but when I run it on my server for some reason it keeps using IP v6 !? (I think this is what it is, so I get a blank web page!
Here’s the exact result;
etc/init.d/ntop restart
Stopping network top daemon: ntop
Starting network top daemon: Wed Jul 29 16:08:05 2009 NOTE: Interface merge enabled by default
Wed Jul 29 16:08:05 2009 Initializing gdbm databases
ntop
THEN:
$netstat -tulpn | grep :3000
tcp6 0 0 :::3000 :::* LISTEN 7022/ntop
Where On My workstation I get this:
$netstat -tulpn | grep :3000
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 27782/ntop
As you can see the last one which works has TCP and the one above it has TCP6 and other differences which I tried to solve by using different ports to no avail.
When I used port 8000 I get a /python result at the end instead of /ntop!
This is a really cool interface and I like to be able to use it anywhere. So hopefully someone will solve this mystery.
Thanks a Lot!
m.
Has anybody gotten Ntop to run on Ubuntu Jaunty? On reboot it does not start up and it won’t let me change the interface. I have edited /var/lib/ntop/init.cfg and run ntop -u ntop -d. I installed it from the repositories and it does run.
Thank you for this subject
im abbas from iri
I have been trying to figure out how to get data to dump into mysql. Through the web interface, there exists and option to specify the host/un/pw but it doesn’t seem to be working. Thanks.
I have installed ntop on ubuntu 10.04 , 64bit machine; it was working ok. But now some thing has happen and its giving following errors. Can some one help me out to solve this problem. Following is error message
Please enable make sure that the ntop html/ directory is properly installed
Error 400
The specified request is invalid.
Received request:
“GET / HTTP/1.1”
@Ishrat ali
Had the same problem. Fixed it with the following commands:
——–
sudo chown -R ntop:ntop /var/lib/ntop/
sudo chown -R ntop:ntop /usr/share/ntop/
sudo ln -s /usr/share/ntop/html /var/lib/ntop/
sudo /etc/init.d/ntop restart
——–
Don’t know what really fixed because I failed to notice it thanks to caching feature of the chrome browser. So either wrong permissions or a lost symbolic link. Or both :)
Can some one help me out to solve this problem. Following is error message
Please enable make sure that the ntop html/ directory is properly installed
Error 400
The specified request is invalid.
Received request:
“GET / HTTP/1.1″
ntop.conf file need to edited to allow access from other IP.
Edit the /etc/ntop.conf
from
# limit ntop to listening on a specific interface and port
–http-server 127.0.0.1:3000 –https-server 127.0.0.1:3001
Edited as below.
# limit ntop to listening on a specific interface and port
–http-server 0.0.0.0:3000 –https-server 0.0.0.0:3001
HI i got the same problem please anyone have idea please, when i run the global stats
-Please enable make sure that the ntop html/ directory is properly installed
Any idea..?
I set a password for ntop using “sudo /usr/sbin/ntop -A”
when I try to configure ntop via my browser (firefox) i receive a box asking for
a user name and password. I entered Admin for the user name and my password.
It does not work.
Any ideas?
Linux mint 9 ‘Isadora’
darkstat and vnstat are very valid alternative especially on the servers.
Hey
thanks to your post.
I did everything you said here, but when going to wab_based interface, it doesn’t show anything. All Tables are empty, is it because I run it by the local host? but it doesn’t show even local ports used! :(
Have set up ntop and everything worked fine until i rebooted!
The service doesn´t start automatically, and when I try “sudo services ntop start” it seems to start but there is nothing on port 3000 (or any other port, and no process in ps aux either). When running “services –status-all” it list “[ ? ] ntop”
But if I run “sudo ntop” everything works fine (except it runs in foreground), any suggestions?
..I would like it to start automatically after reboot and run in background as a service.
Unfortunately, this package is not available for Debian any more…
aptitude update
aptitude install ntop
No candidate version found for ntop
No candidate version found for ntop
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
i want find out http request size using ntop.is it possible in ntop?
My ntop is installed but interface is not opening. I have run these commands, even then its not opening:
iptables -F
service iptables stop
Any clue will be appreciated ???
iptables -F
[root@haditel ~]# service iptables stop
Thanks for this article, it really helped me a lot.
I have installed ntop on 32bit version of Ubuntu 16.04 in terminal mode. It shows that it is running. However when I access in Firefox, it won’t show traffic because it reports no interface setup. I can access admin configuration but cannot find how to add Ethernet (eth0?) or wireless.l network. Any help would be greatly appreciated.