ntop (Bandwidth Monitor) Configuration in Debian

What is ntop?

ntop is a network traffic probe that shows network usage, similar to what the popular top Unix command does for processes. ntop is based on libpcap and is written portably so that it runs on virtually every Unix platform and on Win32 as well.

Supported Platforms

Unix (including Linux, *BSD, Solaris, and MacOSX)
Win32 (Win95 and above)

Download ntop for Linux, Unix and Windows

Integrating ntop with NetFlow

Integrating ntop with RRD

ntop Documentation

Install ntop in Debian

# apt-get install ntop

During setup, the installer asks you to select the interface nTop will listen on (i.e. put into promiscuous mode). It accepts a comma-separated list of interfaces, so you could install multiple NICs in one system and monitor multiple LAN segments from it.

Accept the ntop user name by hitting Enter. After the program is set up you'll see the message:

device eth0 entered promiscuous mode

A few seconds later you'll see the message:

device eth0 left promiscuous mode

The NIC dropping out of promiscuous mode indicates a problem. Here the "problem" is that we need to set a password for the nTop account that was created during the nTop installation (and that the daemon uses). To do that, enter either of the following commands, which are equivalent:

# ntop -A

# ntop --set-admin-password

The uppercase A switch is for setting the program's Admin password. After entering (and re-entering) a password, reboot the system. Just before the login prompt appears you'll see that the NIC has again gone into promiscuous mode. But now, if you were to wait and watch, it would not drop out of promiscuous mode as it did before. There is no need to log into the system because nTop runs as a daemon.

Now that nTop is configured and running, just point a Web browser at port 3000 on the Debian system. For example, if the Debian system's IP address is then you'd type in the following in the address bar of a browser running on a system on the same network:

To stop and start ntop, run the following commands:

# /etc/init.d/ntop stop

# /etc/init.d/ntop start

If you have any problems, check the README file located at /usr/share/doc/ntop/README.Debian. It reads as follows:

ntop admin password needs to be set:

When ntop is installed for the first time, you MUST set the administration
password for ntop (user 'admin'). You do that by running ntop with the option
-A (or --set-admin-password) as root.

# ntop --set-admin-password

It will prompt you for the password and then exit. Now start the ntop

# /etc/init.d/ntop start

Note that you cannot run ntop as a user as it needs full access to the
devices and only root has such access. After it has got that access it
will change user to ntop or whatever you have configured it to. You have
to make sure that the user has access to files in /var/lib/ntop. This is
normally fixed by the installation script but it may fail.

Ntop will be started at every reboot when the admin password has been set.

ntop protocol list:

If you start ntop in daemon mode with the supplied init script it will
automatically use /etc/ntop/protocol.list to choose which TCP Protocols
should be monitored. The format of this file is simply:

<label>=<protocol list>

where label is used to symbolically identify the <protocol list>. The
format of <protocol list> is <protocol>[|<protocol>], where <protocol>
is either a valid protocol specified inside the /etc/services file or
a numeric port range (e.g. 80, or 6000-6500).

Dennis Schoen (Mon Dec 17 14:10:25 CET 2001)

log and rotation:

Logs are placed in /var/log/ntop/ and will be rotated every week. The
log rotation will restart the ntop server which will reset the ntop
statistics. If you want to keep the statistics you have to edit or delete
the /etc/logrotate.d/ntop file.

upgrade notes:

Option names may have been changed between ntop versions. You can either
change them in /etc/default/ntop or rerun the configuration using
dpkg-reconfigure ntop.
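
The protocol.list format quoted from README.Debian above (<label>=<protocol>[|<protocol>], with service names or numeric port ranges) can be checked before the daemon is restarted. The following validator is an added example, not part of the original page or of the ntop package; SAMPLE_SERVICES and SAMPLE_PROTOCOL_LIST are constructed sample data, and skipping blank and '#' lines is an assumption of this checker.

```python
import re

# Constructed excerpt of /etc/services (name -> port); a real check would read the file.
SAMPLE_SERVICES = {"ftp": 21, "ssh": 22, "smtp": 25, "domain": 53, "http": 80, "https": 443}

# Constructed protocol.list content, including three deliberately bad lines.
SAMPLE_PROTOCOL_LIST = """\
# constructed sample
Web=http|https|8080
Mail=smtp|pop3
X11=6000-6500
Broken=6500-6000
NoEquals
"""

PORT_RANGE = re.compile(r"^(\d+)(?:-(\d+))?$")

def resolve(token, services):
    """Return (low, high) for a service name, port or port range; raise ValueError otherwise."""
    m = PORT_RANGE.match(token)
    if m:
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range {token!r}")
        return (low, high)
    if token in services:
        return (services[token], services[token])
    raise ValueError(f"unknown service {token!r}")

def parse_protocol_list(text, services):
    """Parse <label>=<protocol>[|<protocol>] lines; return ({label: [(low, high)]}, [errors])."""
    parsed, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption of this checker, not from the README
            continue
        label, sep, plist = line.partition("=")
        if not sep or not label.strip() or not plist.strip():
            errors.append(f"line {lineno}: expected <label>=<protocol list>")
            continue
        try:
            parsed[label.strip()] = [resolve(t.strip(), services) for t in plist.split("|")]
        except ValueError as exc:
            errors.append(f"line {lineno}: {exc}")
    return parsed, errors

if __name__ == "__main__":
    ok, bad = parse_protocol_list(SAMPLE_PROTOCOL_LIST, SAMPLE_SERVICES)
    print(ok, *bad, sep="\n")
```

On a real host, build the services mapping from /etc/services and pass the contents of /etc/ntop/protocol.list as the text argument.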