Monitor) Configuration in Debian
What is ntop?
ntop is a network traffic probe that shows the network usage,
similar to what the popular top Unix command does. ntop is based
on libpcap and it has been written in a portable way in order to
virtually run on every Unix platform and on Win32 as well.
Unix (including Linux, *BSD, Solaris, and MacOSX)
Win32 (Win95 and above)
Download ntop for Linux,Unix and
Integrating ntop with NetFlow
Integrating ntop with RRD
Install ntop in Debian
# apt-get install ntop
During the setup it will ask you to select the interface nTop
will listen on (i.e. put in promiscuous mode). Note that it says
that you can enter a comma-separated list of interfaces so you
could install multiple NICs in a system and monitor multiple LAN
segments on the same system.
Accept the ntop user name by hitting Enter. After the program is
set up you'll see the message:
device eth0 entered promiscuous mode
A few seconds later you'll see the message:
device eth0 left promiscuous mode
The NIC dropping out of promiscuous mode indicates a problem.
Here the "problem" is that we need to set a password for the
nTop account we created during the nTop installation (that the
daemon uses). To do that, enter the command
# ntop --set-admin-password
The uppercase -A switch is the short form of this option; it sets
the program's admin password. After entering (and re-entering) a
password, reboot
the system. Just before the login prompt appears you'll see that
the NIC has again gone into promiscuous mode. But now, if you
were to wait and watch, it would not drop out of promiscuous
mode as it did before. There is no need to log into the system
because nTop runs as a daemon.
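To confirm the behaviour described above without watching the console, the following added example (not part of the original page) reads kernel log lines and reports whether each interface's last event was entering or leaving promiscuous mode. The sample log lines, the host name and the second interface eth1 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): work out each interface's
# current promiscuous state from the two kernel messages quoted above.

# promisc_state: log lines on stdin -> "<iface> <state> <entered> <left>"
promisc_state() {
    awk '
    {
        # Match "device <iface> entered|left promiscuous mode" at any offset,
        # so syslog timestamps and host prefixes do not matter.
        for (i = 1; i + 4 <= NF; i++) {
            if ($i != "device" || $(i+3) != "promiscuous" || $(i+4) != "mode")
                continue
            ifc = $(i+1)
            if ($(i+2) == "entered")   { state[ifc] = "promiscuous"; in_n[ifc]++ }
            else if ($(i+2) == "left") { state[ifc] = "normal"; out_n[ifc]++ }
        }
    }
    END {
        for (ifc in state)
            printf "%s %s %d %d\n", ifc, state[ifc], in_n[ifc], out_n[ifc]
    }' | sort
}

# iface_is_promisc <iface>: exit 0 only if the last logged event for
# <iface> was "entered promiscuous mode".
iface_is_promisc() {
    promisc_state | awk -v want="$1" \
        '$1 == want && $2 == "promiscuous" { ok = 1 } END { exit !ok }'
}

# Constructed sample: eth0 before the admin password was set (enters, then
# leaves) and after the reboot (enters and stays). eth1 is a hypothetical
# second NIC that dropped out again.
SAMPLE_LOG='Jan  5 10:00:01 debian kernel: device eth0 entered promiscuous mode
Jan  5 10:00:04 debian kernel: device eth0 left promiscuous mode
Jan  5 10:12:30 debian kernel: device eth0 entered promiscuous mode
Jan  5 10:15:00 debian kernel: device eth1 entered promiscuous mode
Jan  5 10:15:09 debian kernel: device eth1 left promiscuous mode'

printf '%s\n' "$SAMPLE_LOG" | promisc_state
# On a live system, feed it the kernel log instead: dmesg | promisc_state
```

The same check is useful on hosts that are not supposed to be running a capture tool, where an interface whose last event is "entered" deserves a look.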
Now that nTop is configured and running, just point a Web
browser at port 3000 on the Debian system. For example, if the
Debian system's IP address is 10.2.0.20 then you'd type in the
following in the address bar of a browser running on a system on
the same network:
If you want to start and stop ntop run the
If you have any problems, check the README
file located at /usr/share/doc/ntop/README.Debian.
This file reads as follows:
ntop admin password needs to be set:
When ntop is installed for the first time, you MUST set the
password for ntop (user 'admin'). You do that by running ntop
with the option
-A (or --set-admin-password) as root.
# ntop --set-admin-password
It will prompt you for the password and then exit. Now start the
# /etc/init.d/ntop start
Note that you cannot run ntop as a user as it needs full access
devices and only root has such access. After it has got that
will change user to ntop or whatever you have configured it to.
to make sure that the user have access files in /var/lib/ntop.
normally fixed by the installation script but it may fail.
Ntop will be started at every reboot when the admin password has
ntop protocol list:
If you start ntop in daemon mode with the supplied init script
automatically use /etc/ntop/protocol.list to choose which TCP
should be monitored. The format of this file is simply:
where label is used to symbolically identify the <protocol
format of <protocol list> is <protocol>[|<protocol>], where
is either a valid protocol specified inside the /etc/services
a numeric port range (e.g. 80, or 6000-6500).
Dennis Schoen (Mon Dec 17 14:10:25 CET 2001)
log and rotation:
Logs are placed in /var/log/ntop/ and will be rotated every
log rotation will restart the ntop server which will reset the
statistics. If you want to keep the statistics you have to edit
the /etc/logrotate.d/ntop file.
Option names may have been changed between ntop versions. You
change them in /etc/default/ntop or rerun the configuration