Apr 09 2009
 

ntop is a free, open source network traffic probe that shows network usage. It is based on libpcap and runs on Linux/Unix and Windows operating systems. ntop provides an easy-to-use web interface for navigating its traffic information and getting a dump of the network status.

ntop shows the current network usage, displays a list of hosts currently on the network, and reports the IP and Fibre Channel (FC) traffic generated by each host. ntop supports TCP/UDP (HTTP, FTP, DNS, Telnet, SMTP, etc.), ICMP, ARP and RARP, IP/IPX, DLC, DECnet, AppleTalk, NetBIOS, and FC (Control Traffic – SW2, GS3, ELS and SCSI).

Install ntop on openSUSE

To install ntop on openSUSE, click on one of the following 1-click installers based on the version of openSUSE operating system.

openSUSE 11.1


openSUSE 11.0


openSUSE 10.3


This should launch the YaST package manager, add the required repositories, and install the required package and dependencies for ntop. Accept the defaults and follow the onscreen instructions to complete the installation. Once the installation has completed successfully, ntop will be installed under /usr/bin/

saihari:~ # which ntop

/usr/bin/ntop

The first time you run ntop, run it as root from a terminal window. This initializes ntop and lets you set the password for the default ntop admin user (admin); enter the password twice. By default the web interface is accessible from

http://localhost:3000

or

http://<ipaddress>:3000

Login with the user “admin” and password you just set.
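
The web interface described above answers on port 3000 at the host's IP address as well as on localhost. The following is an added example, not part of the original post, that reports whether that port is reachable from the network; it assumes the `ss` tool from iproute2 is available, and the sample output it runs on is constructed.

```shell
#!/bin/sh
# Added example: report how the ntop web port is exposed, from `ss -ltn` output.
NTOP_PORT=3000   # port given in the post

# classify_listeners PORT: reads `ss -ltn` output on stdin and prints
# "<kind> <address>" for every socket listening on PORT.
classify_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # last field after ":" is the port
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]")
                kind = "loopback"
            else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
                kind = "all-interfaces"
            else
                kind = "single-address"
            print kind, addr
        }'
}

# exposure_summary PORT: prints not-listening, local-only or network-reachable.
exposure_summary() {
    listeners=$(classify_listeners "$1")
    if [ -z "$listeners" ]; then
        echo "not-listening"
    elif printf '%s\n' "$listeners" | grep -qv '^loopback '; then
        echo "network-reachable"
    else
        echo "local-only"
    fi
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      10     0.0.0.0:3000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

# On a live host: ss -ltn | exposure_summary "$NTOP_PORT"
printf '%s\n' "$SAMPLE_SS" | exposure_summary "$NTOP_PORT"
```

A result of network-reachable means the admin login page is served over plain HTTP to other hosts, so access to port 3000 should be limited at the firewall to the machines that need it.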

Later on, you can start/stop/restart ntop as follows:

saihari:~ # rcntop start

Starting service ntop                 done

saihari:~ # rcntop stop

Stopping service ntop                 done

Quick Start with ntop

As soon as you log on to the web interface, everything becomes fairly straightforward, as most if not all data is shown in simple host/IP or protocol-based tables and/or with pie charts and graphs generated using the RRD Tools.

For instance:

Network traffic (host/protocol), unicast/multicast traffic

Packet sizes, IP/non-IP traffic

TTLs, hops to destinations

Traffic by port, network activity

IP subnet, traffic matrix

If you want ntop to generate RRD Tool based graphs, it is important that RRD Tool (which should be installed by default in openSUSE) and its RRD Tool devel packages are installed; otherwise ntop reports the following error at startup and disables the RRD plugin, which means no RRD-based graphs.

**ERROR** RRD: Disabled – unable to create base directory (err 13, /usr/local/var/ntop/rrd)

To install RRD Tool and its devel package quickly from a terminal window,

saihari:~ # yast2 -i rrdtool rrdtool-devel

RRD Tool generated Graphs


The plugin architecture makes it easy to enable enhanced features such as:

NetFlow/sFlow support, where ntop can be configured to be a flow probe or a collector

Last time packet seen for hosts

ICMP traffic data

Plugin Architecture


Simply click the plugin's (Yes/No) link in the Plugins menu to toggle it between enabled and disabled.

You can also dump traffic data from the ntop web interface.

Dump Traffic Data


ntop has long been, and will remain, a must-have open source tool for any network or system admin on a network of any size, or even on your home network. Click here to visit the project homepage.