Q. How do I track my network usage (network usage monitoring) and protocol wise distribution of traffic under Debian Linux? How do I get a complete picture of network activity?

A. ntop is the best tool to see network usage in a way similar to what top command does for processes i.e. it is network traffic monitoring software. You can see network status, protocol wise distribution of traffic for UDP, TCP, DNS, HTTP and other protocols.

ntop is a hybrid layer 2 / layer 3 network monitor, that is by default it uses the layer 2 Media Access Control (MAC) addresses AND the layer 3 tcp/ip addresses. ntop is capable of associating the two, so that ip and non-ip traffic (e.g. arp, rarp) are combined for a complete picture of network activity.

ntop is a network probe that showsIn interactive mode, it displays the network status on the user’s terminal. In Web mode, it acts as a Web server, creating a HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, a HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.Network Load Statistics

How do I install ntop under Debian / Ubuntu Linux?

Type the following commands, enter:
$ sudo apt-get update
$ sudo apt-get install ntop

Sample output:

Reading package lists... Done
Building dependency tree... Done
Suggested packages:
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/2859kB of archives.
After unpacking 12.1MB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package ntop.
(Reading database ... 27301 files and directories currently installed.)
Unpacking ntop (from .../ntop_3%3a3.2-8_amd64.deb) ...
Setting up ntop (3.2-8) ...
Starting network top daemon: Fri Jul 11 14:36:45 2008  NOTE: Interface merge enabled by default
Fri Jul 11 14:36:45 2008  Initializing gdbm databases

Set ntop admin user password

Type the following command to set password, enter:
# /usr/sbin/ntop -A
$ sudo /usr/sbin/ntop -A
Sample output:

Fri Jul 11 14:36:52 2008  NOTE: Interface merge enabled by default
Fri Jul 11 14:36:52 2008  Initializing gdbm databases

ntop startup - waiting for user response!

Please enter the password for the admin user: [Type-yourPassord]
Please enter the password again:  [Type-yourPassord]
Fri Jul 11 14:36:59 2008  Admin user password has been set

Restart ntop service

Type the following command, enter:
# /etc/init.d/ntop restart
Verify ntop is working, enter:
# netstat -tulpn | grep :3000
ntop by default use 3000 port to display network usage via webbrowser.

How do I view network usage stats?

Type the url:

Sample ntop reports

ntop in action
(Fig.01: ntop Global TCP/UDP Protocol Distribution Graphs [click to enlarge])

(Fig.02: Network Load Statistics (click to enlarge])

Further readings:

  1. man ntop
  2. ntop configuration files located at /etc/ntop/ directory
  3. ntop project

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 29 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
29 comments… add one
  • Peter Jul 15, 2008 @ 7:45

    Perfect post. Thanks for explanation how to install ntop. As always i found what i wanted to know about. Thanks.

  • vyr Oct 8, 2008 @ 11:56

    ntop requires man2html. Man2html requires gawk. Gawk again requires man2html. Thats it…

  • bo May 3, 2009 @ 14:53

    Can I use ntop to see network traffic per process?

  • Vivek Jul 16, 2009 @ 9:40

    Really useful.

  • Mehdi Jul 28, 2009 @ 15:01

    Great stuff.
    Thanks a lot.

    it was working yesterday but today I keep getting:

    gdbm fatal: write error

    when I run ntop restart

    what is gdbm database and where is it located?


  • Mehdi Jul 28, 2009 @ 15:08

    Oh never mind..
    sorry …I think I know what happened. I was doing a backup and I backed up to the / by accident, so I ran out of space.
    I believe that is why I got database error.


  • Mehdi Jul 28, 2009 @ 16:10

    Heh Now I have a different Problem.

    I ran ntop on this other server but the problem is that this server’s eth0 is not plugged in, instead eth2 is.
    Now ntop will NOT work saying eth0 is down!

    Is there Any way I could change eth0 to eth2? I looked in the ntop files and could not find any mention of eth0 in those?
    Thanks for any advice!

  • Mehdi Jul 28, 2009 @ 16:48

    sorry for replying to myself lol but I accidentally found this by doing a ps ax (for unrelated proc.):
    /usr/sbin/ntop -d -L -u ntop -P /var/lib/ntop –skip-version-check -a /var/log/ntop/access.log -i eth0 -p /etc/ntop/protocol.list -O /var/log/ntop

    The eth0 caught my attention, may be this command line has something to do with it?

  • Matey Jul 28, 2009 @ 22:32

    Thanks a lot Vivek G. for the reply!

    Best Regards;


  • mehdi Jul 29, 2009 @ 15:20

    Sorry for too many posts but I also found the file where you can change ethX (your NICs specs).
    It is here:

    in case anyone has the same problem …..B U T :
    This ( netstat -tulpn | grep :3000 ) works great on my workstation but when I run it on my server for some reason it keeps using IP v6 !? (I think this is what it is, so I get a blank web page!

    Here’s the exact result;
    etc/init.d/ntop restart
    Stopping network top daemon: ntop
    Starting network top daemon: Wed Jul 29 16:08:05 2009 NOTE: Interface merge enabled by default
    Wed Jul 29 16:08:05 2009 Initializing gdbm databases
    $netstat -tulpn | grep :3000
    tcp6 0 0 :::3000 :::* LISTEN 7022/ntop

    Where On My workstation I get this:

    $netstat -tulpn | grep :3000
    tcp 0 0* LISTEN 27782/ntop

    As you can see the last one which works has TCP and the one above it has TCP6 and other differences which I tried to solve by using different ports to no avail.
    When I used port 8000 I get a /python result at the end instead of /ntop!

    This is a really cool interface and I like to be able to use it anywhere. So hopefully someone will solve this mystery.
    Thanks a Lot!

  • Bill Aug 30, 2009 @ 9:33

    Has anybody gotten Ntop to run on Ubuntu Jaunty? On reboot it does not start up and it won’t let me change the interface. I have edited /var/lib/ntop/init.cfg and run ntop -u ntop -d. I installed it from the repositories and it does run.

  • abbas Dec 8, 2009 @ 16:03

    Thank you for this subject
    im abbas from iri

  • Bobby Dec 31, 2009 @ 10:51

    I have been trying to figure out how to get data to dump into mysql. Through the web interface, there exists and option to specify the host/un/pw but it doesn’t seem to be working. Thanks.

  • Ishrat ali Jul 26, 2010 @ 13:15

    I have installed ntop on ubuntu 10.04 , 64bit machine; it was working ok. But now some thing has happen and its giving following errors. Can some one help me out to solve this problem. Following is error message

    Please enable make sure that the ntop html/ directory is properly installed

    Error 400
    The specified request is invalid.
    Received request:

    “GET / HTTP/1.1”

    • Joost Sep 10, 2010 @ 9:20

      @Ishrat ali
      Had the same problem. Fixed it with the following commands:
      sudo chown -R ntop:ntop /var/lib/ntop/
      sudo chown -R ntop:ntop /usr/share/ntop/
      sudo ln -s /usr/share/ntop/html /var/lib/ntop/
      sudo /etc/init.d/ntop restart
      Don’t know what really fixed because I failed to notice it thanks to caching feature of the chrome browser. So either wrong permissions or a lost symbolic link. Or both :)

  • gopinath Sep 23, 2010 @ 11:28

    Can some one help me out to solve this problem. Following is error message

    Please enable make sure that the ntop html/ directory is properly installed

    Error 400
    The specified request is invalid.
    Received request:

    “GET / HTTP/1.1″

    • Prakash Apr 22, 2015 @ 12:40

      ntop.conf file need to edited to allow access from other IP.

      Edit the /etc/ntop.conf
      # limit ntop to listening on a specific interface and port
      –http-server –https-server

      Edited as below.

      # limit ntop to listening on a specific interface and port
      –http-server –https-server

  • ruben Oct 17, 2010 @ 13:53

    HI i got the same problem please anyone have idea please, when i run the global stats

    -Please enable make sure that the ntop html/ directory is properly installed

    Any idea..?

  • Horace Mar 26, 2011 @ 18:08

    I set a password for ntop using “sudo /usr/sbin/ntop -A”
    when I try to configure ntop via my browser (firefox) i receive a box asking for
    a user name and password. I entered Admin for the user name and my password.

    It does not work.

    Any ideas?

    Linux mint 9 ‘Isadora’

  • Pomodoro method Aug 9, 2011 @ 11:51

    darkstat and vnstat are very valid alternative especially on the servers.

  • XlbrlX Aug 14, 2011 @ 8:04

    thanks to your post.
    I did everything you said here, but when going to wab_based interface, it doesn’t show anything. All Tables are empty, is it because I run it by the local host? but it doesn’t show even local ports used! :(

  • Stian Jan 29, 2012 @ 1:15

    Have set up ntop and everything worked fine until i rebooted!
    The service doesn´t start automatically, and when I try “sudo services ntop start” it seems to start but there is nothing on port 3000 (or any other port, and no process in ps aux either). When running “services –status-all” it list “[ ? ] ntop”
    But if I run “sudo ntop” everything works fine (except it runs in foreground), any suggestions?
    ..I would like it to start automatically after reboot and run in background as a service.

  • UMUT Feb 18, 2012 @ 3:10

    Unfortunately, this package is not available for Debian any more…

    aptitude update
    aptitude install ntop
    No candidate version found for ntop
    No candidate version found for ntop
    No packages will be installed, upgraded, or removed.
    0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    Need to get 0 B of archives. After unpacking 0 B will be used.

  • madasamy Jul 13, 2012 @ 8:43

    i want find out http request size using ntop.is it possible in ntop?

  • Kashif Apr 10, 2014 @ 12:02

    My ntop is installed but interface is not opening. I have run these commands, even then its not opening:
    iptables -F
    service iptables stop

    Any clue will be appreciated ???

  • Kashif Apr 10, 2014 @ 12:02

    iptables -F
    [root@haditel ~]# service iptables stop

  • zerox Sep 16, 2014 @ 8:21

    Thanks for this article, it really helped me a lot.

  • Dean Jan 21, 2017 @ 20:33

    I have installed ntop on 32bit version of Ubuntu 16.04 in terminal mode. It shows that it is running. However when I access in Firefox, it won’t show traffic because it reports no interface setup. I can access admin configuration but cannot find how to add Ethernet (eth0?) or wireless.l network. Any help would be greatly appreciated.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum