Install Ntopng on Ubuntu 20.04 LTS

Ntopng is a web based traffic monitoring software that reports traffic statistics of the connected networks. It does not actively interfere in the network traffic but passively captures network traffic. It can monitor from small to large networks. It gives you detailed information on bandwidth utilization, protocols, apps, and also deep insights into network traffic. It can be installed and used on Linux, Windows, MacOS, and FreeBSD.

Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform related Linux system monitoring queries.

In this context, we shall look into how to Install Ntopng on Ubuntu 20.04 LTS.


Features of Ntopng includes:

  • It will be possible to monitor and obtain real-time performance reports, network and application latencies, round-trip time (RTT), TCP statistics with details of retransmissions, obsolete packets or packet loss, and bytes and packets transmitted .
  • It will be possible to classify network traffic using various criteria such as IP address, port, L7 protocol, performance, autonomous systems (AS) and many more.
  • It displays the real-time network traffic and active hosts of that network.
  • Support for MySQL, ElasticSearch and LogStash to carry out export tasks of the monitored data.
  • SNMP v1 / v2c support and continuous monitoring of SNMP devices.
  • It allows you to identify HTTP traffic using the characterization services provided by Google and HTTP Blacklist.
  • Full support for IPv4 and IPv6.
  • Supports Full Layer-2.
  • Stores persistent traffic statistics on disk to facilitate future exploration and access to hosted data.
  • It generates several network metrics, including performance and application protocols.
  • You can geolocate and superimpose hosts on a geographic map.
  • It will be possible to analyze IP traffic and route it according to the source or destination.
  • Supports creating network traffic statistics in HTML5 / AJAX formats.
  • It has an alert engine to capture anomalous and suspicious hosts thus increasing security.


Steps to install Ntopng on Ubuntu

Ntopng is not included in the Ubuntu OS repositories. We will need to add ntop official repository to our system's repository available at the ntop.org website.

So We need to follow the below outlined steps.

1. Start by installing some prerequisites using the command below:

$ sudo apt install software-properties-common wget

Enter sudo password and if it prompts for confirmation, hit y and then Enter to confirm. After that, prerequisites will be installed on your machine.

2. Then add the Universe repository using the below command:

$ sudo add-apt-repository universe

3. Visit ntop.org Download page to download the Ntopng repository for Ubuntu or use the below command to download ntop repository for Ubuntu 20.04 via command line:

$ wget https://packages.ntop.org/apt/20.04/all/apt-ntop.deb

4. Now install the ntop repository using the below command:

$ sudo dpkg –i apt-ntop.deb

5. Once the installation is completed, update the local repository index:

$ sudo apt update

Now the ntop repository has been added to your system's local repository.

6. Run the below command to install ntop packages:

$ sudo apt install pfring-dkms nprobe ntopng cento n2disk

If it prompts for confirmation, hit y and then Enter to confirm. After that, ntop packages will be installed on your system.


How to configure Ntopng ?

The default configuration file of Ntopng is ntopng.conf which you can find at /etc/ntopng. You can edit this file by running the below command:

$ sudo nano /etc/ntopng/ntopng.conf

Modify the configurations as follows:

-G=/var/run/ntopng.pid
-i=<interface_name
-w=3000

Then, Save the ntopng.conf file and close it.


Ntopng service starts automatically after installation. However, after making any changes in the configuration file, you will need to restart its service using the command below:

$ sudo systemctl restart ntopng

If you want to automatically start ntopng service at boot, use the command below:

$ sudo systemctl enable ntopng

To verify if the ntopng has been started and running, use the command below:

$ sudo systemctl status ntopng


How to Launch Ntopng Web Interface ?

To access ntopng web interface, go to http://ip-address:3000 in your browser's address bar. It will open the Welcome page on the browser. Login to ntopng using the default admin (username and password is admin).

After login, you will be asked to change your password for the admin. Set a password and click Change Password.

Now you will see ntopng Dashboard.


How to Uninstall ntopng from your Ubuntu Linux system ?

In case, you no longer need ntopng and its packages, you can uninstall them with the below command:

$ sudo apt remove pfring-dkms nprobe ntopng cento n2disk

[Need assistance in Configuring Nginx on Ubuntu ? We can help you. ]

This article covers how to install ntopng on Ubuntu OS and access its web interface. In fact, Ntopng is an essential application for monitoring and troubleshooting network problems.


More about Ntopng

Ntopng basically is a network traffic probe that will monitor network usage. It is based on libpcap, a Library written as part of a larger program called TCPDump. Ntopng is based on Redis key value server rather than traditional database, leverages nDPI for protocol discovery, supports host geolocation, and can display real-time flow analysis for connected hosts.


Main Features of Ntopng:

  • Packet capture → Packet capture / transmission using basic hardware with PF_RING. Zero-copy package distribution across threads, applications, and virtual machines. Includes Libpcap support for seamless integration with legacy applications.
  • Traffic recording → Lossless network traffic recording of 10 Gbit and above with n2disk. Industry standard PCAP file format. It allows to quickly retrieve packages using BPF. Accurate traffic reproduction with disk2n.
  • Network probe → nProbe- NetFlow v5 / v9 / IPFIX extensible probe with plug-in support for L7 content inspection.
  • Report on the use of the IP protocol → Even going so far as to classify it by type of protocol.
  • Traffic analysis → High speed web based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis leveraging nDPI, an open source DPI framework. Even going so far as to classify the traffic according to the source / destination.
  • Geolocate and Overlay Hosts → This will be done on a geographic map.
  • Alert engine → We can capture anomalous and suspicious hosts.
  • Produce network traffic statistics → Using HTML5 / AJAX technology.
  • We will have full support for current network protocols → Including IPv4 and IPv6.

Related Posts