Set up ntopng on CentOS 6

ntopng is a powerful network traffic monitoring system. Its web interface shows network traffic in live mode, including top hosts, top flow talkers, application protocols in use, and top flow senders. The active flows of each node can also be viewed live.

1. Install EPEL/NTOP repo

Add the EPEL repository by downloading its rpm file with wget and then installing it. If wget is not installed, install it with # yum install wget

Now download the EPEL repository package and install it using the following commands:

# cd ~
# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm

Once EPEL repository is installed, install NTOP repository.

# cd /etc/yum.repos.d/
# wget http://packages.ntop.org/centos/ntop.repo -O ntop.repo

2. Install Redis

Redis and Hiredis are the required packages for the installation.

# yum install redis hiredis

3. Install the Application

Install ntopng along with the other packages.

# yum clean all
# yum update
# yum install pfring n2disk nprobe ntopng ntopng-data cento nbox

4. Enable Auto startup

# chkconfig redis on
# chkconfig ntopng on

5. Configure Firewall

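Configure the firewall to allow traffic to port 3000 (the ntopng web interface). The second rule below also opens port 6379 (Redis); ntopng connects to Redis on localhost by default, so that rule is only needed if Redis must be reachable from other hosts.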

# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 6379 -j ACCEPT
# service iptables save
# service iptables restart
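
An added example, not part of the original article: a small shell function that audits `iptables-save` output for the two ports opened above and reports whether each ACCEPT rule is open to any source, restricted to a source network, or unreachable because `-A` placed it after a catch-all REJECT. The helper name audit_rules and the sample ruleset (modelled on an assumed stock CentOS 6 INPUT chain) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit INPUT rules (iptables-save format) for the ports
# opened in step 5: tcp/3000 (ntopng web UI) and tcp/6379 (Redis).

# Constructed sample, assuming a stock CentOS 6 ruleset whose INPUT chain
# ends in a catch-all REJECT, after the two `iptables -A` commands above.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
COMMIT'

# audit_rules (hypothetical helper): reads iptables-save text on stdin and
# prints "<port> <verdict>" for every ACCEPT rule on tcp/3000 or tcp/6379.
audit_rules() {
    awk '
    $1 != "-A" || $2 != "INPUT" { next }
    # A REJECT/DROP with no match criteria stops everything after it.
    $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { blocked = 1; next }
    {
        port = ""; src = "any"; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target != "ACCEPT" || (port != "3000" && port != "6379")) next
        if (blocked)           verdict = "unreachable-after-reject"
        else if (src == "any") verdict = "open-to-any-source"
        else                   verdict = "restricted-to-" src
        print port, verdict
    }'
}

# Audit the sample; on a live host, pipe `iptables-save` output in instead.
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

A rule reported as unreachable has to sit above the REJECT to take effect (for example, inserted with `iptables -I INPUT`), and a rule reported as open to any source can be narrowed with `-s` to the network that should reach the web interface.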

6. Create configuration file

Now create the configuration files in the /usr/local/etc/ntopng directory.

# cd /usr/local/etc
# mkdir ntopng
# cd ntopng
# nano ntopng.start

Put these lines:
--local-network "172.31.0.0"
--interface 0

# nano ntopng.pid

Put this line:
-G=/var/run/ntopng.pid

7. Run the application

# service redis start
# service ntopng start

Check the log file

8. Testing

Now test the application by opening http://demohost.com:3000 in a browser. You will see the login page.

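On first login, use the user 'admin' and the password 'admin'. You will be redirected to the dashboard. Change this default password once you are logged in, since the web interface on port 3000 is now reachable over the network.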

Now click active flows

Click GEOMap

Click tree

Click autonomous system

9. Configuring the flow collector to receive flows from another device, such as a Cisco router

Edit the config file as shown, add the following line at the end of the file, and save it. [You may choose another port number; this tutorial uses port 5559.]

# nano /etc/ntopng/ntopng.conf
-i=tcp://your-sender-ip-address:5559

Next, start the collector with the following command:

# nprobe --zmq "tcp://your-sender-ip-address:5559" -i none -n none --collector-port 2055

10. Cisco Router IP Flow Configuration Example

Global Configuration

config# ip flow-cache timeout active 1
config# ip flow-export source GigabitEthernet0/1
config# ip flow-export version 9
config# ip flow-export destination your-server-ip-address 2055

Enable flow capturing on the interface whose traffic you want to send to the ntop server. [This example uses GigabitEthernet0/1.]

config# interface GigabitEthernet0/1
config-if# ip flow ingress
config-if# ip flow egress

Congratulations! Your server should now be receiving flow data from your WAN device for traffic analysis.


DD2016
