Saturday, June 29, 2013

Ntop Ubuntu

NTOP is a network monitor. It has a web interface for viewing statistics. It displays a list of hosts that are currently using the network and reports information concerning the Internet Protocol and Fibre Channel traffic generated by each host. The traffic is sorted according to host and protocol. Protocols include: 

  • TCP/UDP/ICMP
  • (R)ARP
  • IPX
  • DLC
  • Decnet
  • AppleTalk
  • Netbios
  • TCP/UDP
    • FTP
    • HTTP
    • DNS
    • Telnet
    • SMTP/POP/IMAP
    • SNMP
    • NFS
    • X11
  • Fibre Channel
    • Control Traffic - SW2, GS3, ELS
    • SCSI
(In plain terms, this means you can comprehensively monitor your network traffic, connections and bandwidth through a web interface.)

Installation

Packages needed for installation are:
ntop
You can just type the following to install it (make sure you enable the Universe repositories): https://help.ubuntu.com/7.10/add-applications/C/extra-repositories.html
sudo apt-get install ntop -y

Compiling ntop from source or SVN

The ntop source can be retrieved from Ubuntu's servers using a command like:
apt-get source ntop
which will unpack the source package into the current working directory with a name like ntop-3.3.10. You can also follow the instructions at ntop.org to retrieve the latest version from SVN (trunk):
svn co https://svn.ntop.org/svn/ntop/trunk/ntop
Most of the packages required to build ntop from source on Ubuntu 9.10 (Karmic) can be retrieved with the following command:
sudo apt-get install libpcap-dev libgdbm-dev libevent-dev librrd-dev python-dev libgeoip-dev
You must first run ./autogen.sh in the ntop directory to create the configure script, Makefiles, and so on. The configure script is pretty good about telling you which dependencies are missing, if any. Don't forget you can pass configure options to autogen.sh, as in:
./autogen.sh --prefix=/usr/local/stow/ntop-svn
References:
  1. http://www.gnu.org/software/stow/ - helps manage source packages without sullying /usr/bin, /usr/share, and so on

Configuration

When first installing & configuring the ntop application you need to set an admin password.
sudo ntop --set-admin-password
Then restart the service with:
sudo /etc/init.d/ntop restart

Fixing "Physical Host Location" feature (mapper.pl)

The link to http://www.ntop.org/cgi-bin/mapper.pl for physical host locations (the compass icon in traffic listings) is broken (Error 404) as of this writing (2010-07-01). This affects ntop package version 3.3-11ubuntu1 for Karmic (9.10).
Check this space for a workaround using a local http server and links to relevant Launchpad bug reports.

Status of host location mapping in SVN (reported as of SVN revision 4304)

The issue with the dead mapper.pl link is resolved in the latest SVN, as of this writing (2010-07-02). The host location results come from http://geotool.servehttp.com instead, a service of MaxMind, who provide the libgeoip1 library also used in ntop.

Access

On your local machine

To access your network statistics via the web visit the web address:

Access from an external network with apache reverse proxy

Attention: Only for experienced users. It has cost me two days to find a completely working solution, and in some parts, I still can't figure out why exactly this configuration is working.
If you do not want to open port 3000 in your firewall, you can use Apache's reverse proxy module to allow access to ntop.
Enable the proxy module:
sudo a2enmod proxy_http
Edit your site's configuration in /etc/apache2/sites-enabled/your-site and add this code (don't forget to replace all occurrences of your.domain.com with your real domain).
<VirtualHost *:80>
    # keep the existing entries
    ...

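    # add here
    # Access rule for proxied content: every client address is allowed
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    # Reverse proxy only; do not act as a forward proxy
    ProxyRequests       Off
    RewriteEngine On
    # Requests sent from an ntop page (Referer) to a path outside /ntop/
    # are redirected to the same path under /ntop/
    RewriteCond %{HTTP_REFERER} your.domain.com/ntop
    RewriteCond %{REQUEST_URI} !^/ntop/
    RewriteRule ^/(.*)$ https://your.domain.com/ntop/$1 [L,R=permanent]

    # Requests under /ntop/ are proxied to ntop on localhost:3000
    RewriteCond %{REQUEST_URI} ^/ntop/
    RewriteRule ^/ntop/(.*)$ http://localhost:3000/$1 [L,P]

    <Location /ntop>
        ProxyPass          http://localhost:3000
        ProxyPassReverse   http://localhost:3000
    </Location>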
</VirtualHost>
Restart your server
sudo service apache2 restart
And it should work.
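
The configuration above lets any client address reach ntop through the proxy. The following is an added example, not part of the original page, that keeps the same rewrite rules but serves /ntop only over HTTPS and only to an allow-listed network. It assumes Apache 2.4 syntax (Require ip) and an existing TLS virtual host; 192.0.2.0/24 is a placeholder for your own admin network.

```apache
# Added example, not from the original page. Assumes Apache 2.4 with
# mod_proxy_http, mod_rewrite, mod_alias and mod_authz_host enabled.

<VirtualHost *:80>
    # keep the existing entries
    ServerName your.domain.com

    # Anything sent to /ntop on port 80 is unencrypted, so send it to HTTPS.
    Redirect permanent /ntop https://your.domain.com/ntop
</VirtualHost>

<VirtualHost *:443>
    # keep the existing entries (including the site's TLS certificate directives)
    ServerName your.domain.com

    # Reverse proxy only; do not act as a forward proxy.
    ProxyRequests Off

    # Same rewrite rules as the configuration on this page.
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} your.domain.com/ntop
    RewriteCond %{REQUEST_URI} !^/ntop/
    RewriteRule ^/(.*)$ https://your.domain.com/ntop/$1 [L,R=permanent]

    RewriteCond %{REQUEST_URI} ^/ntop/
    RewriteRule ^/ntop/(.*)$ http://localhost:3000/$1 [L,P]

    <Location /ntop>
        ProxyPass          http://localhost:3000
        ProxyPassReverse   http://localhost:3000

        # Replaces "Allow from all": only the listed network may reach ntop.
        # 192.0.2.0/24 is a placeholder (documentation range); use your own.
        Require ip 192.0.2.0/24
    </Location>
</VirtualHost>
```

Run sudo apache2ctl configtest before restarting, then confirm that a request to /ntop/ from an address outside the allowed network returns 403 Forbidden.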

Segfaults

The packaged version of ntop in Lucid 10.04 is plagued with segfaults. You will be using ntop and it just cuts out in the middle of your session. Luckily, there is a way around this that is easier than the SVN method.
Sylvain Garcia has packaged the newest version of ntop in a PPA. To install it, run the following from a terminal:
sudo apt-add-repository ppa:sylvain-garcia
Note: aptitude, used in the following set of commands, is no longer included in the default install of Ubuntu because the install image has to fit on a 700 MB CD. You can easily install aptitude with
sudo apt-get install aptitude
If you have already installed ntop:
sudo aptitude update && sudo aptitude safe-upgrade
If you haven't yet installed ntop:
sudo aptitude update && sudo aptitude install ntop
Next, there is one setting missing in the Ubuntu build of ntop. It's easy enough to change. (Note: nano is the default editor for Ubuntu. You may of course use any editor you prefer.)
sudo nano /etc/init.d/ntop
CTRL+_ 96 (that's an underscore, the command in nano to go to a specific line)
In the line that reads:
  • start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \
    -d -L -u $USER -P $HOMEDIR \
add -b so that it now reads:
  • start-stop-daemon --start --quiet --name $NAME --exec $DAEMON -- \
    -d -b -L -u $USER -P $HOMEDIR \
CTRL+O CTRL+X (save and quit in nano)
sudo service ntop restart
Now browse to localhost:3000 and have fun with ntop.