What is NTOPNG?

Ntopng is a traffic monitoring tool focused on flows and statistics for all traffic that passes through a server. It is the next generation of the original ntop, which monitors network usage. Ntopng is based on libpcap and runs on multiple platforms such as Unix, Windows and macOS. It also provides an intuitive, encrypted web interface for exploring both real-time and historical traffic data.

BENEFITS OF USING NTOPNG

  • It can show real-time network traffic and list all associated hosts
  • Produces analytical reports of several network metrics including throughput and application protocols
  • You can sort network traffic data based on several criteria such as throughput, IP address, port, L7 protocol and autonomous system (AS)
  • Provides analytics about top senders, receivers, top AS and top L7 applications
  • Includes TCP statistics such as retransmissions, packet loss, out of order packets etc
  • Can monitor live traffic throughput, network and application latencies, Round Trip Time (RTT)
  • Full support for IPv4 and IPv6
  • Full Layer-2 support (including ARP statistics)
  • Support for MySQL, ElasticSearch and LogStash export of monitored data
  • Interactive historical exploration of monitored data exported to MySQL
  • Alerts engine to capture anomalous and suspicious hosts
  • SNMP v1/v2c support and continuous monitoring of SNMP devices
  • Can report IP protocol usage sorted by protocol type
  • Produces HTML5/AJAX network traffic statistics
  • It can analyze IP traffic and sort it according to the source/destination
  • It can characterize HTTP traffic by leveraging characterization services provided by Google and HTTP Blacklist
  • Can geolocate and overlay hosts in a geographical map
  • Discover application protocols (Facebook, YouTube, BitTorrent, etc.) by leveraging nDPI, ntop's Deep Packet Inspection (DPI) technology
  • Stores disk-persistent traffic stats to allow for later and post-mortem analysis

In today's tutorial, we will show you how to set up ntopng on CentOS 7.

Prerequisite

  • A completely installed CentOS 7 server

NTOPNG Installation

By default, ntopng is not available in the CentOS 7 repositories. To get it, you first need to add the EPEL repository to your system with the following command: sudo yum install epel-release


Once this has run, you need to add an ntop repository for stable builds. This requires creating the file ntop.repo inside the /etc/yum.repos.d directory. Once the file is created, add the following contents to it.

[ntop]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri
[ntop-noarch]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/noarch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri

Save the file and run the following command: yum -y update to refresh the repository metadata and update all installed packages. This may take some time to complete. Once it finishes, install ntopng with the following command: yum --enablerepo=epel install redis ntopng
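As an added example (not part of the original tutorial), the following script writes the ntop repository definition shown above to a path of your choice and checks that every section keeps gpgcheck=1 together with a gpgkey before anything is installed from it: the mirror is fetched over plain HTTP, so the RPM signature check is what ties the installed packages to the publisher's key. The install_ntopng function runs the tutorial's yum commands as root and only executes when the script is invoked with the argument install; the function names and that argument are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial.
set -u

# Write the two repository sections from the tutorial to the given path.
write_ntop_repo() {
    cat > "$1" <<'EOF'
[ntop]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri
[ntop-noarch]
name=ntop packages
baseurl=http://www.nmon.net/centos-stable/$releasever/noarch/
enabled=1
gpgcheck=1
gpgkey=http://www.nmon.net/centos-stable/RPM-GPG-KEY-deri
EOF
}

# Succeed only if every [section] in a .repo file has gpgcheck=1 and a gpgkey.
# The mirror is served over plain http, so the GPG signature check is the only
# thing that ties the packages to the publisher's key; every section that
# weakens it is reported on stderr and the check fails.
repo_gpg_enforced() {
    awk '
        function check() {
            if (section != "" && (gpgcheck != "1" || gpgkey == "")) {
                printf "section [%s]: gpgcheck=%s gpgkey=%s\n", section,
                       (gpgcheck == "" ? "unset" : gpgcheck),
                       (gpgkey == "" ? "unset" : gpgkey) > "/dev/stderr"
                bad = 1
            }
        }
        /^\[.*\]$/   { check(); section = substr($0, 2, length($0) - 2); gpgcheck = ""; gpgkey = ""; next }
        /^gpgcheck=/ { gpgcheck = substr($0, 10) }
        /^gpgkey=/   { gpgkey = substr($0, 8) }
        END          { check(); exit bad }
    ' "$1"
}

# The tutorial's installation sequence (run as root). It refuses to continue if
# the repository file does not enforce signature checks.
# Usage: ./ntopng-install.sh install
install_ntopng() {
    yum -y install epel-release
    write_ntop_repo /etc/yum.repos.d/ntop.repo
    repo_gpg_enforced /etc/yum.repos.d/ntop.repo || return 1
    yum -y update
    yum -y --enablerepo=epel install redis ntopng
}

if [ "${1:-}" = "install" ]; then
    install_ntopng
fi
```

Running the script without the install argument only defines the functions, so repo_gpg_enforced can be pointed at any existing .repo file to audit it.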


Start ntopng and Redis services

Once ntopng is installed, you need to install the Redis package and start the Redis server before starting ntopng. It can be installed with the following command: yum --enablerepo=epel install hiredis-devel


To start the Redis service and enable it to start at boot time, use the following commands:

  • systemctl start redis.service
  • systemctl enable redis.service

Similarly, to start ntopng and enable it to start at boot time, use the following commands:

  • systemctl start ntopng.service
  • systemctl enable ntopng.service


Configure ntopng

Ntopng creates a default configuration at /etc/ntopng/ntopng.conf. To check the ntopng status, use the following command: systemctl status ntopng. If the status shows a warning, you can clear it by editing the ntopng configuration file. Add the following line to the file and save it.

  • -G=/var/tmp/ntopng.pid

After the change, restart ntopng and check its status with the following commands:

  • systemctl restart ntopng
  • systemctl status ntopng

ALLOW NTOPNG THROUGH THE FIREWALL

The default port for ntopng is 3000. To reach the web interface from a remote machine, you need to add a firewall rule that allows access to this port. This can be done with the following command: firewall-cmd --permanent --add-port=3000/tcp

Reload the firewalld service with the following command: firewall-cmd --reload

This completes the basic configuration; you can now access ntopng through a web browser at the URL http://<your IP address>:3000. The default login is userName: admin and password: Admin. Change this default password on first login, since the port has just been opened to remote machines.
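The configuration and firewall steps above, as an added example that is not from the original tutorial: ensure_pid_option appends the -G line to ntopng.conf only if it is missing, and open_ntopng_port applies the tutorial's rule or, when a management network in CIDR form is given, a firewalld rich rule that accepts connections to port 3000 only from that network. The FIREWALL_CMD variable (defaulting to firewall-cmd), the function names and the 10.0.0.0/24 management network are this example's assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial.
set -u

# Append the pid-file option from the tutorial to ntopng.conf unless it is
# already present, so re-running the script never stacks duplicate lines.
# Prints how many copies of the line the file holds afterwards (expected: 1).
ensure_pid_option() {
    local conf="$1" opt="-G=/var/tmp/ntopng.pid"
    if ! grep -qxF -- "$opt" "$conf" 2>/dev/null; then
        printf '%s\n' "$opt" >> "$conf"
    fi
    grep -cxF -- "$opt" "$conf"
}

# Open the ntopng web port in firewalld. Without a source network this is the
# tutorial's rule and the UI is reachable from any host; with a CIDR it becomes
# a rich rule that accepts only that network. FIREWALL_CMD can be pointed at
# another command (for example echo) to preview the arguments without applying.
open_ntopng_port() {
    local port="${1:-3000}" source="${2:-}" cmd="${FIREWALL_CMD:-firewall-cmd}"
    if [ -z "$source" ]; then
        "$cmd" --permanent --add-port="$port/tcp"
    else
        "$cmd" --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$source\" port port=\"$port\" protocol=\"tcp\" accept"
    fi
}

# Full post-install sequence from the tutorial (run as root); executes only on
# explicit request so the helper functions can be used on their own.
# Usage: ./ntopng-postinstall.sh apply [management-cidr]
#   e.g. ./ntopng-postinstall.sh apply 10.0.0.0/24   (hypothetical network)
apply_post_install() {
    ensure_pid_option /etc/ntopng/ntopng.conf >/dev/null
    systemctl restart ntopng
    systemctl status ntopng --no-pager
    open_ntopng_port 3000 "${1:-}"
    firewall-cmd --reload
}

if [ "${1:-}" = "apply" ]; then
    apply_post_install "${2:-}"
fi
```

Setting FIREWALL_CMD=echo before calling open_ntopng_port prints the exact arguments that would be passed to firewall-cmd, which is a convenient way to review the rule before it is made permanent.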

From here on you can start using ntopng for network monitoring.
