Are you a system administrator or network engineer seeking a lightweight, user-friendly, cross-platform network monitoring tool? If so, Ntopng might be the solution you’re looking for.
Ntopng is an open-source network monitoring tool that provides real-time insights into network traffic through a web interface. It’s the next-generation version of the original ntop, compatible across major operating systems, including Windows, Unix/Linux, macOS, and BSD.
Ntopng offers a suite of powerful features such as:
- Traffic filtering and sorting based on source and destination
- Support for various protocols like TCP, UDP, SMTP, ICMP, ARP, FTP, Netbios, SSH, Telnet, and more
- Geolocation of IP addresses
- Alert generation and notification for unusual network behavior
- Intuitive navigation and traffic data visualization via a web interface
- Encrypted network traffic analysis
- Application protocol discovery (e.g., YouTube, Facebook, BitTorrent) using Deep Packet Inspection technology
This guide will walk you through the installation of Ntopng on Debian 11.
Step 1: Prerequisites
- A system running Debian 11
- A user with sudo privileges
Step 2: Update the System
It’s advisable to update your Debian base system before installation. Execute the following commands:
sudo apt update -y
sudo apt upgrade -y
Step 3: Configure the Ntopng Repository
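Since Ntopng is not included in the default Debian 11 repository, you need to add the Ntopng repository to your system. Note that the URL below uses the buster path (buster is the Debian 10 codename; Debian 11 is bullseye) and is fetched over plain HTTP. Run the following commands: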
wget http://apt.ntop.org/buster/all/apt-ntop.deb
sudo dpkg -i apt-ntop.deb
This command adds the “ntop.list” repository to your system. Apply the repository changes with:
sudo apt update -y
Step 4: Install and Configure Ntopng
Install the Ntopng package along with its dependencies using:
sudo apt install ntopng pfring-dkms nprobe n2disk cento -y
Ntopng listens on port 3000 by default. You can customize the network interface, change the default port, and modify other settings in the ntopng.conf file:
sudo vim /etc/ntopng/ntopng.conf
Modify the file according to your system’s interface name. Multiple interface names can be specified.
# -i|--interface
# Specifies the network interface or collector endpoint to be used by ntopng for network.
-i=eth0
# -i=eth2
# Sets the HTTP port of the embedded web server.
-w=3000
Save the changes and close the file. Define your network IP range in a separate file named ntopng.start in the /etc/ntopng directory:
sudo vim /etc/ntopng/ntopng.start
Add your network IP range as shown below:
--local-networks "192.168.0.0/24" ## give your local IP Ranges here.
--interface 1
Save and exit the file. Restart the Ntopng service to apply the configurations:
sudo systemctl restart ntopng
Enable Ntopng to start on boot and check its status with:
sudo systemctl enable ntopng
sudo systemctl status ntopng
Expected output:
● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
     Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-02-28 16:45:28 UTC; 1min 0s ago
    Process: 15335 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore && /usr/bin/ntopng-utils-manage-config -a resto
    Process: 15350 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf > /run/ntopng.conf.raw (code=exited, status=0/SUCCESS)
    Process: 15352 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf.d/*.conf >> /run/ntopng.conf.raw 2>/dev/null || true (code=exited, s
    Process: 15354 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|[ ]*--pid.*/s/^/#/" /run/ntopng.conf.raw > /run/nt
   Main PID: 15356 (ntopng-main)
      Tasks: 24 (limit: 525)
     Memory: 140.6M
        CPU: 9.146s
     CGroup: /system.slice/ntopng.service
             └─15356 /usr/bin/ntopng /run/ntopng.conf
Feb 28 16:45:29 debian11 ntopng[15356]: 28/Feb/2023 16:45:29 [startup.lua:35] Processing startup.lua: please hold on...
Feb 28 16:45:30 debian11 ntopng[15356]: 28/Feb/2023 16:45:30 [startup.lua:120] [lists_utils.lua:827] Refreshing category lists...
Use the following command to verify if Ntopng is running:
sudo ss -tnlp | grep ntopng
Your output should look like this:
LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:* users:(("ntopng-main",pid=15356,fd=37))
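The listener above is bound to 0.0.0.0, so the web interface is reachable on every interface of the server. The script below is an added example, not part of the original guide: it classifies the bind scope from ss output and from the -w line in ntopng.conf. It assumes ntopng's [addr:]port syntax for -w (a leading ":" binds to loopback, 0 disables the HTTP server); the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which addresses ntopng's web server is bound to.
# Sample inputs at the bottom are constructed; function names are illustrative.

# stdin: `ss -tnlp` output. Prints "<scope> <addr:port>" for each ntopng listener.
classify_listeners() {
  awk '$1 == "LISTEN" && /ntopng/ {
    host = $4
    sub(/:[0-9]+$/, "", host)                 # drop the trailing :port
    if (host == "0.0.0.0" || host == "*" || host == "[::]") scope = "ALL-INTERFACES"
    else if (host ~ /^127\./ || host == "[::1]")            scope = "LOOPBACK"
    else                                                    scope = "SINGLE-ADDRESS"
    print scope, $4
  }'
}

# stdin: ntopng.conf. Prints the scope implied by the last active -w/--http-port line.
# Assumes ntopng's [addr:]port syntax: bare port = all interfaces, ":port" = loopback.
http_port_scope() {
  awk -F= '/^[ \t]*(-w|--http-port)[ \t]*=/ { v = $2; gsub(/[ \t"]/, "", v) }
    END {
      if (v == "")             print "ALL-INTERFACES 3000"   # option absent: default port
      else if (v == "0")       print "DISABLED 0"            # assumed: 0 turns HTTP off
      else if (v ~ /^[0-9]+$/) print "ALL-INTERFACES", v
      else if (v ~ /^:[0-9]+$/ || v ~ /^127\./ || v ~ /^\[::1\]/) print "LOOPBACK", v
      else                     print "SINGLE-ADDRESS", v
    }'
}

# Constructed demo input: the listener line from this guide plus a loopback-bound one.
demo_ss='LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:* users:(("ntopng-main",pid=15356,fd=37))
LISTEN 0 4096 127.0.0.1:3000 0.0.0.0:* users:(("ntopng-main",pid=15356,fd=38))'
printf '%s\n' "$demo_ss" | classify_listeners
printf '%s\n' '-i=eth0' '-w=3000' | http_port_scope    # as configured in this guide
printf '%s\n' '-i=eth0' '-w=:3000' | http_port_scope   # loopback-only alternative
```

On a live host, pipe sudo ss -tnlp into classify_listeners and feed /etc/ntopng/ntopng.conf to http_port_scope on stdin.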
Step 5: Access Ntopng from a Web Browser
Open your web browser and enter the URL http://your-server-ip:3000, replacing your-server-ip with your actual server IP. You’ll be redirected to the Ntopng login page.
Enter the default username and password (admin/admin) and click the Login button. You will then be asked to change the password.
Set a new password and click the “Change Password” button. You should then see the Ntopng default dashboard.
Next, click on the Hosts > Hosts option from the left side to see a list of available hosts in your network.
You can further view your network interface details by selecting the interface > Details option on the left pane.
Conclusion
Congratulations! You have successfully installed Ntopng on Debian 11. Ntopng provides numerous options for real-time network monitoring and alert generation. Feel free to explore system information and configured alert endpoints. If you have any questions, don’t hesitate to ask.
FAQ
- What is Ntopng?
- Ntopng is an open-source network monitoring tool for tracking and analyzing network traffic in real-time.
- Can I use Ntopng on operating systems other than Debian?
- Yes, Ntopng is cross-platform and can be installed on Windows, various Unix/Linux distributions, macOS, and BSD systems.
- What are the default login credentials for Ntopng?
- The default username and password for Ntopng are ‘admin/admin’.
- Can I change the port Ntopng listens on?
- Yes, you can change the default port 3000 by editing the ntopng.conf file.
- How do I ensure Ntopng starts on boot?
- Use the command sudo systemctl enable ntopng to set Ntopng to launch on boot.