Hackosis is an Open Blog. You Can Participate.

22 Jan

[Image: Ntop logo. Not the official ntop logo; icon courtesy of Tango Desktop Project]

Forget about tools like lsof and netstat for troubleshooting and analyzing network traffic. Ntop blows everything else away. It comes jam-packed with a web interface and outputs more data than you can shake a stick at. Ntop analyzes everything about how, where, when, and what your PC is connecting to on the internet.

I am running Linux Mint — installation is a cinch. This procedure should be the same on Ubuntu and other Debian-based distributions. Make sure you have the universe repositories enabled.

sudo apt-get install ntop

The above will install ntop. Now set the admin password:

sudo ntop --set-admin-password

Start ntop with the following command:

sudo ntop -u ntop -d -i eth0


Be sure to replace eth0 with the adapter you would like to monitor. In my case it is wlan0.

NOTE: Ntop is now running as a daemon in the background of your PC. Personally, I wouldn’t make it a practice to leave this running — it can take up a lot of RAM.

That was simple enough. If all goes well, you will now be able to access the web interface:

http://localhost:3000

Take a look around; there is a wealth of information on everything you are connecting to, the protocols being used, and bandwidth statistics.
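The daemon started above serves its web interface on port 3000, so it is worth confirming which addresses that port is bound to. The script below is an added example, not part of the original post: it classifies `ss -ltn` listeners on that port as loopback-only or reachable from other hosts. The function name and the sample socket lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Classify the sockets listening on the ntop web port (3000 in the post) as
# loopback-only or reachable from other hosts.

# classify_listeners PORT  (hypothetical helper; reads `ss -ltn` output on stdin)
# Prints "loopback <addr>" or "exposed <addr>" for each listener on PORT.
# Exit status: 0 = loopback only, 1 = at least one exposed, 2 = no listener.
classify_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # also skips the header line
        {
            local_addr = $4                  # e.g. 0.0.0.0:3000 or [::1]:3000
            # Split at the last colon, since IPv6 addresses contain colons.
            if (!match(local_addr, /:[0-9]+$/)) next
            addr = substr(local_addr, 1, RSTART - 1)
            if (substr(local_addr, RSTART + 1) != port) next
            gsub(/^\[|\]$/, "", addr)        # strip IPv6 brackets
            seen = 1
            if (addr ~ /^127\./ || addr == "::1") {
                print "loopback " addr
            } else {
                exposed = 1                  # 0.0.0.0, *, ::, or a LAN address
                print "exposed " addr
            }
        }
        END { if (!seen) exit 2; exit (exposed ? 1 : 0) }
    '
}

# Constructed samples of `ss -ltn` output (not captured from a real host).
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      10     0.0.0.0:3000       0.0.0.0:*'
SAMPLE_LOOPBACK='LISTEN 0      10     127.0.0.1:3000     0.0.0.0:*
LISTEN 0      10     [::1]:3000         [::]:*'

# Demo on the constructed samples; on a real host run:
#   ss -ltn | classify_listeners 3000
printf '%s\n' "$SAMPLE_WILDCARD" | classify_listeners 3000 || true
printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listeners 3000 || true
```

An "exposed" result means the interface answers on more than http://localhost:3000, so other machines on the network can reach it too.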

Some highlights: [seven ntop screenshots]

See more screenshots at the ntop website.

There are many uses for Ntop besides monitoring your personal network connections. You might install ntop onto a Linux bridge and monitor an entire network, troubleshoot connectivity issues, identify security hazards, perform OS identification, and the list goes on and on. Ntop is an essential tool for any network administrator to analyze and plan for future growth. It is also a perfect addition to bandwidth management setups.

Know any other cool ways to monitor network traffic? Let us know in the comments.



5 Comments

  1. hictio Says:

    There is also ‘iftop’, which is not as pretty, but it is way faster, it doesn’t use any RAM, and it gives you the output in real time.

  2. Shane Says:

    Hey hictio. Thanks for the tip; I will check it out.

  3. hictio Says:

    Here you can see an old screenshot of mine: iftop running on Terminal

  4. oleg Says:

    wireshark

    sudo apt-get install wireshark

  5. Shane Says:

    Oleg, thx for stopping by — and yes, wireshark is a great program. Although I believe ntop is serving a purpose in its own right.

    Think of ntop = wireshark + WebGUI + reporting engine + bandwidth monitoring…

    ;)
