Monday, June 18, 2012

Debian / Ubuntu Linux Install ntop To See Network Usage / Network Status

Q. How do I track my network usage (network usage monitoring) and protocol wise distribution of traffic under Debian Linux? How do I get a complete picture of network activity?

A. ntop is the best tool to see network usage in a way similar to what top command does for processes i.e. it is network traffic monitoring software. You can see network status, protocol wise distribution of traffic for UDP, TCP, DNS, HTTP and other protocols.
ntop is a hybrid layer 2 / layer 3 network monitor, that is by default it uses the layer 2 Media Access Control (MAC) addresses AND the layer 3 tcp/ip addresses. ntop is capable of associating the two, so that ip and non-ip traffic (e.g. arp, rarp) are combined for a complete picture of network activity.
ntop is a network probe that showsIn interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating a HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, a HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.Network Load Statistics

How do I install ntop under Debian / Ubuntu Linux?

Type the following commands, enter:
$ sudo apt-get update
$ sudo apt-get install ntop
Sample output:
Reading package lists... Done
Building dependency tree... Done
Suggested packages:
  graphviz
The following NEW packages will be installed:
  ntop
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/2859kB of archives.
After unpacking 12.1MB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package ntop.
(Reading database ... 27301 files and directories currently installed.)
Unpacking ntop (from .../ntop_3%3a3.2-8_amd64.deb) ...
Setting up ntop (3.2-8) ...
Starting network top daemon: Fri Jul 11 14:36:45 2008  NOTE: Interface merge enabled by default
Fri Jul 11 14:36:45 2008  Initializing gdbm databases
ntop

Set ntop admin user password

Type the following command to set password, enter:
# /usr/sbin/ntop -A
OR
$ sudo /usr/sbin/ntop -A
Sample output:
Fri Jul 11 14:36:52 2008  NOTE: Interface merge enabled by default
Fri Jul 11 14:36:52 2008  Initializing gdbm databases
ntop startup - waiting for user response!
Please enter the password for the admin user: [Type-yourPassord]
Please enter the password again:  [Type-yourPassord]
Fri Jul 11 14:36:59 2008  Admin user password has been set

Restart ntop service

Type the following command, enter:
# /etc/init.d/ntop restart
Verify ntop is working, enter:
# netstat -tulpn | grep :3000
ntop by default use 3000 port to display network usage via webbrowser.

How do I view network usage stats?

Type the url:
http://localhost:3000/
OR
http://server-ip:3000/

Sample ntop reports

ntop in action
(Fig.01: ntop Global TCP/UDP Protocol Distribution Graphs [click to enlarge])

(Fig.02: Network Load Statistics (click to enlarge])
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)