Sep 232010

ntopIn the previous article we saw wireshark, which allows, once activated, to capture packets in a given interface, in this article we’ll see ntop software that allows you to have similar information but also something more.

ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.

ntop users can use a web browser (e.g. Firefox) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface.


Ntop package is available on Ubuntu and Debian repository so you can install it with aptitude install ntop

if you want to install it on red hat or centos check out this guide


From terminal type ntop this will start ntop in Non-daemon mode, you’ll be prompted for a password, enter one of your choise.
After that use c to exit, and start ntop with sudo /etc/init.d/ntop start

Now open your browser and in the location write localhost:3000 you’ll get the ntop console:

From here you can display and manage completely Ntop.
Some useful options:
utils -> view log to display ntop log, really useful to check for error on the first start-ups, for example i’ve saw that ntop did not had the right permissions to write in the directory where he want to write the RRD files.
All Protocols -> Traffic show in a table all inbound and outbound traffic toward the top hostname you are contacting, detailed by protocolsntop protocols
ip -> Summary -> Traffic Show in a table all inbound and outbound TCP/IP traffic toward the top hostname you are contacting, detailed by service used.
ntop tcpip
Summary -> Traffic Display an huge amount of data and traffic informations, you’ll see here a lot of pie chart and historical chart
another great feature of Ntop is the possibility of narrow the time bye just clicking and keeping the left mouse pressed while you select a period of time:
Admin -> Configure from here you can setup variosu options of Ntop, or shutdown the daemon.

There are a lot more of information on Ntop, if you need a daemon that collect any possible information this is the software for you.

Popular Posts:

Flattr this!

  One Response to “Ntop for Network analysis”

  1. […] abbiamo visto due strumenti che offrono un output delle nostre analisi in formato grafico (ntop e wireshark), oggi invece vedremo alcuni strumenti utilizzabili da linea di comando: Ping, telnet, […]

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>