Tutorial-9122023

How to Install Ntopng to Monitor Network Traffic on Debian 11

Are you a system administrator or network engineer looking for a lightweight, easy-to-use, cross-platform network monitoring tool? Well, then Ntopng might be the tool you are looking for.

Ntopng is an open-source network monitoring tool that monitors real-time network traffic from a web interface. Ntopng is the next-generation edition of the original ntop. It is a cross-platform tool available on nearly all operating systems, including Windows, Unix/Linux, macOS, and BSD.

Ntopng offers many features like:

  • Traffic filtering and sorting by source and destination
  • Support for various protocols, including TCP, UDP, SMTP, ICMP, ARP, FTP, Netbios, SSH, Telnet, and many more
  • Geolocation of IP addresses
  • Alerts and notifications when unusual network behavior is detected
  • Easy navigation and visualization of traffic data from the web interface
  • Support for encrypted network traffic analysis
  • Discovery of application protocols (YouTube, Facebook, BitTorrent, etc.) using Deep Packet Inspection technology

In this article, you will learn how to install Ntopng on Debian 11.

Step 1: Prerequisites

  • A system running Debian 11
  • A user with sudo privileges

Step 2: Update the system

Before you start the installation, it is recommended to update your Debian base system by executing the following commands:
sudo apt update -y
sudo apt upgrade -y

Step 3: Configure the Ntopng repository

Ntopng is not part of the default Debian 11 repository, so you need to configure the Ntopng repository on your Debian system. To do so, run the following commands:
wget http://apt.ntop.org/buster/all/apt-ntop.deb
sudo dpkg -i apt-ntop.deb

The above commands add the “ntop.list” repository to your system. Next, apply the repository changes by executing the command below:
sudo apt update -y

Step 4: Install and Configure Ntopng

Run the command below in the terminal to install the Ntopng package with the required dependencies:
sudo apt install ntopng pfring-dkms nprobe n2disk cento -y

Ntopng listens on port 3000 by default. You can configure your network interface and change the default port number and other settings by editing ntopng.conf:
sudo vim /etc/ntopng/ntopng.conf

Now, make the changes according to your system's interface name. Here, you can specify more than one interface name.
#   -i|--interface
#    Specifies the network interface or collector endpoint to be used by ntopng for network.
-i=eth0
# -i=eth2

#    Sets the HTTP port of the embedded web server.
-w=3000

Save and close the file once you have made the necessary changes.

You can specify your network IP range in a separate file. Create a new file called ntopng.start in the /etc/ntopng directory:
sudo vim /etc/ntopng/ntopng.start

Add your network IP range as shown below:
--local-networks "192.168.0.0/24"  ## give your local IP Ranges here.

--interface 1

Save and exit the file. Restart the Ntopng service to apply the configuration changes:
sudo systemctl restart ntopng

Next, enable the Ntopng service to start at boot time and then verify the service status using the commands below:
sudo systemctl enable ntopng
sudo systemctl status ntopng

Output:
ntopng service - ntopng high-speed web-based traffic monitoring and analysis tool

Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-02-28 16:45:28 UTC; 1min 0s ago
Process: 15335 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore  && /usr/bin/ntopng-utils-manage-config -a resto
Process: 15350 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf > /run/ntopng.conf.raw (code=exited, status=0/SUCCESS)
Process: 15352 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf.d/*.conf >> /run/ntopng.conf.raw 2>/dev/null || true (code=exited, s
Process: 15354 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$|^[ ]*-G.*|^[ ]*--daemon.*|[ ]*--pid.*/s/^/#/" /run/ntopng.conf.raw > /run/nt

   Main PID: 15356 (ntopng-main)
   Tasks: 24 (limit: 525)
  Memory: 140.6M
     CPU: 9.146s
  CGroup: /system.slice/ntopng.service
          └─15356 /usr/bin/ntopng /run/ntopng.conf

Feb 28 16:45:29 debian11 ntopng[15356]: 28/Feb/2023 16:45:29 [startup.lua:35] Processing startup.lua: please hold on...
Feb 28 16:45:30 debian11 ntopng[15356]: 28/Feb/2023 16:45:30 [startup.lua:120] [lists_utils.lua:827] Refreshing category lists...

You can verify that the Ntopng service is listening on your system with the following command:
sudo ss -tnlp | grep ntopng

The output should be similar to the following:
LISTEN 0   4096    0.0.0.0:3000  0.0.0.0:*  users:(("ntopng-main",pid=15356,fd=37))
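
The output above shows ntopng-main bound to 0.0.0.0:3000, so the web interface, which still accepts the default login until the password is changed in Step 5, answers on every interface of the host. The following is an added example, not part of the original tutorial: a shell function that reads lines in the format printed by ss -tnlp and classifies each ntopng listener by bind scope. The function names are hypothetical, and every sample line except the first is constructed.

```shell
#!/bin/sh
# Added example: classify ntopng listeners found in `ss -tnlp` output.
# Assumes the TCP-only column layout shown in the tutorial
# (State Recv-Q Send-Q Local Peer Process), so field 4 is the local endpoint.

# Constructed sample: line 1 is the tutorial's output; lines 2-4 are made up
# to show a loopback bind, an unrelated service and an IPv6 wildcard bind.
SAMPLE='LISTEN 0   4096    0.0.0.0:3000  0.0.0.0:*  users:(("ntopng-main",pid=15356,fd=37))
LISTEN 0   4096  127.0.0.1:3001  0.0.0.0:*  users:(("ntopng-main",pid=15356,fd=38))
LISTEN 0   128     0.0.0.0:22    0.0.0.0:*  users:(("sshd",pid=612,fd=3))
LISTEN 0   4096       [::]:3000     [::]:*  users:(("ntopng-main",pid=15356,fd=39))'

# classify_listeners: reads ss lines on stdin and prints "<scope> <addr> <port>"
# for every ntopng listener. scope is "exposed" for wildcard binds,
# "loopback" for 127.0.0.0/8 or [::1], and "specific" for any other address.
classify_listeners() {
    awk '
    $1 == "LISTEN" && /"ntopng/ {
        local_ep = $4
        n = match(local_ep, /:[0-9]+$/)   # the last colon separates the port
        if (n == 0) next
        addr = substr(local_ep, 1, n - 1)
        port = substr(local_ep, n + 1)
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            scope = "exposed"
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback"
        else
            scope = "specific"
        print scope, addr, port
    }'
}

# count_exposed: number of ntopng listeners bound to a wildcard address.
count_exposed() {
    classify_listeners | awk '$1 == "exposed" { n++ } END { print n + 0 }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | classify_listeners
```

On a live system, pipe the real output into the function: sudo ss -tnlp | classify_listeners. Any "exposed" line means the login page is reachable from every network the host is attached to.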

Step 5: Access Ntopng from a web browser

Open your web browser and go to the URL http://your-server-ip:3000, replacing your-server-ip with your system's IP address. You will be redirected to the Ntopng login page:

Enter the default username and password as admin/admin, and click on the Login button. You should see the following screenshot:

Set a new password and click the “Change Password” button. You should see the Ntopng default dashboard page as shown in the below screenshot:

Next, click on the Hosts > Hosts option on the left side, and you will see a list of available hosts for your network.

You can also check your network interface details from the left pane by clicking on the Interface > Details option.

Conclusion

Congratulations! You have installed Ntopng on your Debian 11 system. Ntopng provides many other options that can be very useful for real-time network monitoring and generating alerts. You can also view system information and the configured alert endpoints. You are welcome to ask me if you have any questions.
