5/25/2023 0 Comments Ntopng monitoring![]() Remember to press the “Set Port” button after! You will be shown the netflow configuration. You should now be able to open a browser and browse to Once there, on the top menu, select Plugins > Netflow and select “activate”. i : interface to listen on (in our case, “none”, else ntop will listen on eth0 by default) Next, we run ntop as root, not listening on any of the server’s interfaces, and running a web server on port 8080. Then, close the ntop program by pressing ctrl+C. Enter your password of choice, and wait until the output stops scrolling across the screen. ![]() This is a necessary first step since you will be prompted to enter the admin password. First, the obligatory apt-get command to install the program: I am only interested in setting up Ntop as a netflow receiver and graphing those results. In this particular case, I will disable Ntop listening on an interface and will not feed Ntop any pcap files. Ntop usually works by listening on an interface, and parsing packet capture files to display the results in a nice graph format. It’s free, open source and easy to setup. There are several Netflow collectors out there, but my favourite is by far Ntop ( ). this allows for easier troubleshooting such as helping to identify worms, or P2P usage, and so on. This is much more granular and informative than the simple interface utilization that SNMP offers. Apart from seeing link usage, netflow also allows the admin to see which protocols, ports and hosts are being used. If you are the admin of a cisco (and sonicwall now in the newer firmware) network, NetFlow is a good and easy way of gathering insight into what exactly is passing through your cisco.
0 Comments
Leave a Reply. |