How to Install ntop on Linux?

ntop (Network Top) is a powerful, user-friendly network traffic monitoring tool that helps system administrators and network engineers visualize and analyze network traffic in real time. It provides detailed insights into network usage, bandwidth consumption, and traffic patterns, making it an essential tool for monitoring and troubleshooting network performance on Linux servers.

If you want to install and configure ntop on your Linux system, this step-by-step guide by Go4hosting will walk you through the process, covering installation, configuration, and basic usage.

What Is ntop?

ntop is an open-source network traffic probe that displays network usage using a web-based interface. It supports a wide variety of network protocols and is capable of monitoring both live network traffic and historical data.

There are two main versions:

• ntopng: The newer, actively maintained version with enhanced features and a modern web interface.
  

• ntop: The original legacy version (less commonly used now).
  

This guide focuses on installing ntopng, which is recommended for most use cases.

Prerequisites

Before installing ntopng, ensure your system meets the following requirements:

• A dedicated Linux server or VPS (Ubuntu, Debian, CentOS, RHEL, etc.).
  

• Root or sudo access to install packages.
  

• Basic knowledge of command-line operations.
  

• Network interface(s) to monitor.
  

• Internet access to download software packages.
  

Step 1: Update Your System

Before installing any new software, update your system's package list and upgrade existing packages to their latest versions.

For Debian/Ubuntu:

bash

CopyEdit

sudo apt update

sudo apt upgrade -y

For CentOS/RHEL:

bash

CopyEdit

sudo yum update -y

Step 2: Install Required Dependencies

ntopng requires some dependencies to be installed, including the Redis database, which it uses for data storage.

Debian/Ubuntu:

bash

CopyEdit

sudo apt install -y wget gnupg2 redis-server

CentOS/RHEL:

bash

CopyEdit

sudo yum install -y epel-release

sudo yum install -y wget redis

Enable and start the Redis service:

bash

CopyEdit

sudo systemctl enable redis

sudo systemctl start redis

Step 3: Add the ntop Repository

To install the latest version of ntopng, you should add the official ntop repository.

For Debian/Ubuntu:

First, import the repository GPG key:

bash

CopyEdit

wget https://packages.ntop.org/apt/ntop.key

sudo apt-key add ntop.key

Add the ntop repository to your sources list (for Ubuntu 22.04 example):

bash

CopyEdit

echo "deb https://packages.ntop.org/apt/22.04/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/ntop.list

Update package list:

bash

CopyEdit

sudo apt update

For CentOS/RHEL:

Download and install the ntop repository RPM:

bash

CopyEdit

sudo yum install -y https://packages.ntop.org/centos/ntop-release-latest.el7.noarch.rpm

sudo yum clean all

sudo yum update -y

Step 4: Install ntopng

With the repository added, you can now install ntopng.

Debian/Ubuntu:

bash

CopyEdit

sudo apt install -y pfring-dkms nprobe ntopng ntopng-data n2disk cento

CentOS/RHEL:

bash

CopyEdit

sudo yum install -y pfring nprobe ntopng cento n2disk

Note: Some components like nprobe and cento may require licenses for advanced features. The basic ntopng functionality works without them.

Step 5: Configure ntopng

Edit Configuration File

The main configuration file is located at:

bash

CopyEdit

/etc/ntopng/ntopng.conf

Common options to configure:

• -i : Network interface(s) to monitor (e.g., eth0).
  

• -w : Web interface port (default 3000).
  

• -m : Local network subnet for traffic analysis.
  

Example configuration to monitor eth0 and set the web interface to port 3000:

conf

CopyEdit

--interface=eth0

--http-port=3000

--local-networks="192.168.1.0/24"

You can edit this file using:

bash

CopyEdit

sudo nano /etc/ntopng/ntopng.conf

Make sure to replace eth0 and the subnet with your actual network interface and local network.

Step 6: Start and Enable ntopng Service

Enable the ntopng service to start on boot and start it immediately:

bash

CopyEdit

sudo systemctl enable ntopng

sudo systemctl start ntopng

Check service status:

bash

CopyEdit

sudo systemctl status ntopng

Step 7: Access the ntopng Web Interface

By default, ntopng�s web UI runs on port 3000. Open a web browser and navigate to:

cpp

CopyEdit

http://:3000

You will see the ntopng login screen.

Default Credentials:

• Username: admin
  

• Password: admin
  

Important: For security, change the default password after first login.

Step 8: Using ntopng

Once logged in, you can:

• View real-time network traffic stats.
  

• Analyze bandwidth usage by IP, protocol, or application.
  

• Monitor network flows and hosts.
  

• Generate detailed traffic reports.
  

Explore menus like:

• Hosts
  

• Flows
  

• Traffic
  

• Interfaces
  

Additional Tips and Troubleshooting

Allow Firewall Access

If your server firewall is enabled, allow traffic to port 3000:

For UFW (Ubuntu):

bash

CopyEdit

sudo ufw allow 3000/tcp

sudo ufw reload

For firewalld (CentOS/RHEL):

bash

CopyEdit

sudo firewall-cmd --add-port=3000/tcp --permanent

sudo firewall-cmd --reload

Monitor ntopng Logs

Logs are located at:

bash

CopyEdit

/var/log/ntopng/ntopng.log

Use logs to diagnose any issues.

Update ntopng

To keep ntopng updated:

bash

CopyEdit

sudo apt update && sudo apt upgrade -y   # Debian/Ubuntu

sudo yum update -y                        # CentOS/RHEL

Conclusion

Installing ntopng on Linux is a straightforward process that empowers you to monitor your network traffic effectively. Whether you are managing a Go4hosting VPS, dedicated server, or a cloud infrastructure, ntopng provides valuable insights to maintain network health, troubleshoot issues, and optimize bandwidth.

With this guide, you now know how to:

• Prepare your Linux system
  

• Add ntop's official repository
  

• Install and configure ntopng
  

• Access and use the web-based interface
  

Was this answer helpful? 0 0