@JosefJezek
Last active December 17, 2020 15:50
How to use ntop

Scripting ntopng with Lua

Install on Ubuntu

sudo apt-get install python-software-properties
sudo add-apt-repository ppa:cavedon/ntop
sudo apt-get update
sudo apt-get install ntopng

sudo vi /etc/default/ntopng
INTERFACES="eth1"

OR

wget http://www.nmon.net/packages/ubuntu/x64/ntopng/ntopng_1.1.2-7258_amd64.deb

apt-get install redis-server rrdtool
dpkg -i ntopng_*.deb

touch /etc/ntopng/ntopng.start
mkdir /usr/local/ntopng
chown nobody:root /usr/local/ntopng

vi /etc/ntopng/ntopng.conf
--data-dir=/usr/local/ntopng
--local-networks="192.168.0.0/16,10.0.0.0/8"
--interface=eth1
--dns-mode=1
--disable-login
--packet-filter="ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host 192.168.1.100"
--daemon
--http-port=3000
-G=/var/tmp/ntopng.pid
-c 9hoAtewwpC2tXRMJBfifrY24B
--sticky-hosts=local

wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz

gunzip Geo*
mv Geo*.dat /usr/local/share/ntopng/httpdocs/geoip/
ufw allow 3000/tcp
service ntopng start

cron.monthly - ntop-update-geodb

#!/bin/bash
# Monthly refresh of the GeoIP databases used by ntopng.
mkdir -p /tmp/ntopng 2>/dev/null
# Stop if the working directory is unavailable, so nothing is downloaded or moved from elsewhere.
cd /tmp/ntopng 2>/dev/null || exit 1
wget -q http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz 2>/dev/null
wget -q http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz 2>/dev/null
wget -q http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz 2>/dev/null
wget -q http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz 2>/dev/null
gunzip GeoIPASNum.dat.gz GeoIPASNumv6.dat.gz GeoLiteCity.dat.gz GeoLiteCityv6.dat.gz 2>/dev/null
mv GeoIPASNum.dat GeoIPASNumv6.dat GeoLiteCity.dat GeoLiteCityv6.dat /usr/local/share/ntopng/httpdocs/geoip/ 2>/dev/null
service ntopng restart

Setup

Cron

0 0 * * * /usr/bin/service ntopng restart

Promisc mode

ifconfig eth1 promisc

CentOS

/etc/sysconfig/network-scripts/ifcfg-ethX
BOOTPROTO=static
DEVICE=ethX
ONBOOT=yes
TYPE=Ethernet
PROMISC=yes
USERCTL=no

Ubuntu

/etc/network/interfaces
iface eth0 inet manual
      up ifconfig $IFACE 192.168.1.100 up
      up ip link set $IFACE promisc on

Interface without IP

iface eth0 inet manual
      pre-up ifconfig $IFACE up
      post-down ifconfig $IFACE down
      up ip link set $IFACE promisc on

Apache proxy

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName ntop.example.com
    ServerAlias ntop

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyRequests Off
    RewriteEngine On

    ProxyPass / http://localhost:3000/ retry=0 timeout=5
    ProxyPassReverse / http://localhost:3000/

    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>
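
The ntopng.conf above sets --disable-login, so this proxy is the only access control in front of the web UI, and `Allow from all` opens it to any client. An added example, not part of the original gist: the same vhost limited to the networks from --local-networks, assuming Apache 2.4 with mod_proxy, mod_proxy_http and mod_authz_host loaded.

```apache
# Added example: the gist's vhost with access restricted by source address.
# ntop.example.com and the two networks are taken from the gist.
<VirtualHost *:80>
    ServerName ntop.example.com
    ServerAlias ntop

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    ProxyPass / http://localhost:3000/ retry=0 timeout=5
    ProxyPassReverse / http://localhost:3000/

    <Location />
        # Weak setting from the gist (Apache 2.2 syntax):
        #   Order allow,deny
        #   Allow from all
        #
        # Corrected (Apache 2.4): only the monitored local networks
        # may reach the login-less ntopng UI.
        Require ip 192.168.0.0/16 10.0.0.0/8
        #
        # Apache 2.2 equivalent of the corrected rule:
        #   Order deny,allow
        #   Deny from all
        #   Allow from 192.168.0.0/16 10.0.0.0/8
    </Location>
</VirtualHost>
```

The restriction only holds if clients cannot reach port 3000 directly, which the `ufw allow 3000/tcp` rule in the install steps permits.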

nProbe

ingria commented Jun 26, 2017

What's the point in using promisc mode?
