Install ntop on Red Hat Enterprise Linux / CentOS Linux

Q. ntop is a network probe that shows network usage in a way similar to what top does for processes. How do I install latest version of ntop on RHEL 5.x systems?

A. ntop is a network and traffic analyzer that provides a wealth of information on various networking hosts and protocols. ntop is primarily accessed via a built-in web interface.


Following instructions are tested on 32/64 bit versions only:
a) RHEL Linux 5.x
b) CentOS Linux 5.x

Download latest ntop

Visit ntop project to grab latest version. You can use wget to grab the same, enter:
# cd /opt
# wget

Untar tar ball, enter:
# tar -zxvf ntop-3.3.6.tar.gz

Configure and Compile ntop under RHEL

You must have RRDTool installed. You also need to install libpcap, enter:
# yum install libpcap-devel libpcap
Type the following commands to compile and install ntop:
# cd ntop
# ./

Just type make to compile ntop:
# make
Just type make install to install ntop:
# make install
# make install-data-as

Create ntop user

Type the following command to run ntop as ntop user, enter:
# useradd -M -s /sbin/nologin -r ntop

Setup directory permissions

Next, you need to setup directory permissions, enter:
# chown ntop:root /usr/local/var/ntop/
# chown ntop:ntop /usr/local/share/ntop/

Setup ntop user admin password

Type the following command to set ntop admin password, enter:
# ntop -A
Sample output:

Mon Jul 28 03:38:34 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:38:34 2008  Initializing gdbm databases

ntop startup - waiting for user response!

Please enter the password for the admin user: 
Please enter the password again: 
Mon Jul 28 03:38:42 2008  Admin user password has been set

Start ntop

Type the following command to start ntop:
# /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Sample output:

Mon Jul 28 03:42:19 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:42:19 2008  Initializing gdbm databases

If you have multiple interface (eth0, eth1 and so on), start ntop as follows:
# /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon

  • -i “eth0,eth1” : Specifies the network interface or interfaces to be used by ntop for network monitoring. Here you are monitoring eth0 and eth1.
  • -d : Run ntop as a daemon.
  • -L : Send all log messages to the system log (/var/log/messages) instead of screen.
  • -u ntop : Start ntop as ntop user
  • -P /usr/local/var/ntop : Specify where ntop stores database files. You may need to backup database as part of your disaster recovery program.
  • –skip-version-check : By default, ntop accesses a remote file to periodically check if the most current version is running. This option disables that check.
  • –use-syslog=daemon : Use syslog daemon.

How do I view ntop stats?

By default ntop listen on 3000 port. You can view ntop stats by visiting following url:
ntop in action
(Fig.01: ntop Global TCP/UDP Protocol Distribution Graphs [click to enlarge])

(Fig.02: Network Load Statistics (click to enlarge])

Open port 3000 using iptables

Open /etc/sysconfig/iptables file, enter:
# vi /etc/sysconfig/iptables
Append following code before final REJECT line:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
Save and close the file. Restart firewall:
# service iptables restart

How do I view ntop stats without opening port 3000?

Setup simple tunnel using ssh, enter the following on your local UNIX / Linux desktop system:
$ ssh -L 3000:localhost:3000 -N -f
Now open browser and type the following command:

How do I start ntop on boot?

Open /etc/rc.local file, enter:
# vi /etc/rc.local
Append the following line:
/usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
Save and close the file.

How do I stop ntop?

Use web interface to shutdown ntop, or use normal kill / killall command:
# killall ntop

Further readings:

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

38 comments… add one
  • Vit Jul 1, 2013 @ 9:26

    this manual did not worked for me at Centos 5.x 64, ntop needed some “svn/subversion”, but i was not successfull installing it.

  • Max Sep 19, 2013 @ 7:49

    Could you please help me on this.

    /usr/bin/ntop -i “eth0,eth1,eth2” -d -L -u ntop -P /var/ntop –skip-version-check –use-syslog=daemon
    Thu Sep 19 13:18:34 2013 NOTE: Interface merge enabled by default
    Thu Sep 19 13:18:34 2013 Initializing gdbm databases
    Thu Sep 19 13:18:34 2013 **ERROR** ….open of /var/ntop/prefsCache.db failed: Can’t be writer
    Thu Sep 19 13:18:34 2013 Possible solution: please use ‘-P ‘
    Thu Sep 19 13:18:34 2013 **FATAL_ERROR** GDBM open failed, ntop shutting down…
    Thu Sep 19 13:18:34 2013 CLEANUP[t3086771920]: ntop caught signal 2 [state=2]
    Thu Sep 19 13:18:34 2013 ntop is now quitting…

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.