ntopng is the next-generation version of the original ntop, a network traffic probe that monitors network usage. It provides an intuitive, encrypted web user interface for exploring real-time and historical traffic information. ntopng comes in three versions: Community, Professional (Small Business Edition) and Enterprise. The Community version is free to use and open source. A physical NIC of the server can be monitored by specifying its interface name:
./ntopng -i eth0
However, we will use ntopng in flow collection mode together with nProbe, which can act as a probe or proxy. nProbe and ntopng communicate over ZeroMQ, a publish-subscribe protocol.
The ntopng Community version is installed on Ubuntu Server 18.04.1 with the IP address 172.17.100.7/16. Ubuntu runs inside a VirtualBox VM. The IP address of the host (Asus k55vm) is 172.17.100.2/16. The host is connected to the SOHO router, which functions as the gateway to the Internet and has the IP address 172.17.100.1/16. The network diagram is shown in Picture 1.
nProbe is installed on a Raspberry Pi 3B with the IP address 172.17.100.50/16. Windows 7 is installed on the monitored PC with the IP address 172.17.100.10/16, which is connected to FastEthernet0/3 of a Cisco Catalyst 3550 switch. The Raspberry Pi running nProbe is connected to FastEthernet0/24. The Cisco switch is connected to the SOHO router.
Picture 1 - Network Topology
Here is the default password list for all devices in our topology.
Device - username/password
Raspberry Pi: pi/raspberry
Ubuntu Server 18.04 : ubuntu/ubuntu
ntopng: admin/admin123
Cisco Catalyst 3550: admin/admin, enable password: cisco
ntopng web interface: http://172.17.100.7:3000
Hardware
Raspberry PI 3B
- Raspbian GNU/Linux 9.4 (stretch)
- nProbe v.8.5.180917
Asus K55Vm 16GB RAM
- host OS: Linux Kubuntu 18.04.1
- Oracle VirtualBox 5.2 with guest VM:
-- Ubuntu 16.04.5 Server with ntopng installed
1. Port Mirroring Configuration
To send traffic from the monitored (source) port Fa0/3, where the PC (172.17.100.10/16) is connected, to the destination port Fa0/24, where the Raspberry Pi is connected, we need to configure port mirroring on the Cisco switch:
Switch(config)# monitor session 1 source interface Fa0/3
Switch(config)# monitor session 1 destination interface Fa0/24 encapsulation dot1q ingress vlan 1
The ingress vlan 1 option lets the destination port Fa0/24 accept incoming traffic as well, which ensures that nProbe can send flows to ntopng.
2. Raspbian Stretch Installation on Raspberry Pi 3B
Raspbian Stretch is installed on the Raspberry Pi 3B. nProbe is installed on top of Raspbian Stretch.
2.1 Downloading Raspbian Stretch for Raspberry Pi3 and Copy Image to SD Card
We will download the latest Raspbian Stretch and save it to x86-64 Kubuntu 18.04.
$ wget https://downloads.raspberrypi.org/raspbian_lite_latest
Extract the image.
$ unzip raspbian_lite_latest
Make sure that the SD card is not mounted. If it is mounted, unmount it.
$ sudo umount /dev/mmcblk0
Copy the extracted Raspbian image to the SD card.
$ sudo dd bs=4M if=2018-06-27-raspbian-stretch-lite.img of=/dev/mmcblk0 status=progress conv=fsync
Remove the SD card from the Kubuntu machine and insert it into the Raspberry Pi. Log in with the username pi and the password raspberry.
2.2. Utilize All Space on SD card
By default the image utilizes only 4GB of your SD card space. Issue the command below.
# raspi-config
Navigate to Advanced Options -> A1 Expand Filesystem. This ensures that all of the SD card storage is available to the OS. The filesystem will be enlarged upon the next reboot.
2.3 Configure Static IP Address
Set static IP address for interface eth0.
# echo "interface eth0" >> /etc/dhcpcd.conf
# echo "static ip_address=172.17.100.50/16" >> /etc/dhcpcd.conf
# echo "static routers=172.17.100.1" >> /etc/dhcpcd.conf
# echo "static domain_name_servers=172.17.100.1 8.8.8.8" >> /etc/dhcpcd.conf
2.4 Enable SSH Server
Navigate to Interface Options-> SSH and click Yes to enable SSH server.
# raspi-config
2.5 Set Timezone
We need to configure the correct timezone (Picture 2).
# dpkg-reconfigure tzdata
Picture 2 - Timezone Configuration on Raspberry PI
3. nProbe Installation and Configuration on Raspbian
3.1 nProbe Installation
Download and import the public key.
$ wget http://packages.ntop.org/apt/ntop.key
$ sudo su
# apt-key add ntop.key
Add ntop repository.
# echo "deb http://apt.ntop.org/stretch_pi armhf/" > /etc/apt/sources.list.d/ntop.list
# echo "deb http://apt.ntop.org/stretch_pi all/" >> /etc/apt/sources.list.d/ntop.list
# apt-get update
Install nprobe from the repository.
# apt-get install nprobe
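The key in this section is fetched over plain HTTP and then trusted by apt, so it is worth comparing its fingerprint with one obtained from a separate trusted channel before running apt-key add. The following is an added example, not part of the original tutorial or of ntop's documentation; EXPECTED_FPR is a placeholder, the function names are hypothetical, and it assumes ntop.key holds a single primary key.

```shell
#!/bin/sh
# Added example: only trust ntop.key if its fingerprint matches a known value.
# EXPECTED_FPR is a placeholder, NOT ntop's real fingerprint.
EXPECTED_FPR="${EXPECTED_FPR:-REPLACE_WITH_FINGERPRINT_FROM_TRUSTED_CHANNEL}"

# Normalise a fingerprint: drop spaces and colons, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print primary-key fingerprints.
# The fpr record right after a pub record belongs to the primary key (field 10);
# fpr records that follow sub records (subkeys) are ignored.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing has exactly one primary key and it matches.
fpr_matches() {  # $1 = colon listing, $2 = expected fingerprint
    found=$(printf '%s\n' "$1" | primary_fprs)
    [ -n "$found" ] || return 1
    # Assumption: one key per file; an extra bundled key is treated as a failure.
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$(norm_fpr "$found")" = "$(norm_fpr "$2")" ]
}

# List the key without importing it, check it, then add it as the page does.
add_key_if_trusted() {  # $1 = key file, e.g. ntop.key
    listing=$(gpg --batch --with-colons --with-fingerprint \
                  --import-options show-only --import "$1") || return 1
    if fpr_matches "$listing" "$EXPECTED_FPR"; then
        apt-key add "$1"
    else
        echo "fingerprint mismatch for $1, not adding it to apt" >&2
        return 1
    fi
}
```

Run as root with EXPECTED_FPR set, calling add_key_if_trusted ntop.key in place of the plain apt-key add step.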
3.2 nProbe Configuration
We discuss nProbe configuration in the separate article.
4. Ubuntu 18.04.1 Server Installation and Configuration
Ubuntu 18.04.1 is running as VirtualBox guest VM and its installation is not covered in the tutorial.
4.1 Static IP Address Configuration for Ubuntu 18.04.1 Server
Ubuntu 18.04 uses netplan to configure network interfaces (Picture 3). Change the network card name if needed, mine is enp0s3.
$ cat /etc/netplan/01-systemd-networkd-eth.yaml
Picture 3 - Static IP Address Configuration for Ubuntu 18.04
Save changes.
$ sudo netplan apply
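The netplan file itself is only shown as a picture, so here is an added example (not the author's original file) that generates an equivalent static configuration from the addresses used in this tutorial. The function name is hypothetical, and the DNS servers are an assumption copied from the Raspberry Pi settings in section 2.3.

```shell
#!/bin/sh
# Added example: print a netplan file for one statically addressed interface.
# netplan expects the address in CIDR form, so a missing prefix is rejected.
render_netplan() {  # $1 = interface, $2 = address/prefix, $3 = gateway, $4 = DNS list
    iface=$1 addr=$2 gw=$3 dns=$4
    if [ -z "$iface" ] || [ -z "$gw" ] || [ -z "$dns" ]; then
        echo "usage: render_netplan IFACE ADDR/PREFIX GATEWAY 'DNS1, DNS2'" >&2
        return 1
    fi
    case $addr in
        */[0-9]|*/[12][0-9]|*/3[0-2]) ;;
        *) echo "address needs a prefix length, e.g. 172.17.100.7/16" >&2
           return 1 ;;
    esac
    cat <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    $iface:
      dhcp4: no
      addresses: [$addr]
      gateway4: $gw
      nameservers:
        addresses: [$dns]
EOF
}

# Values from this tutorial; the DNS list is an assumption (see above):
# render_netplan enp0s3 172.17.100.7/16 172.17.100.1 "172.17.100.1, 8.8.8.8" |
#     sudo tee /etc/netplan/01-systemd-networkd-eth.yaml
```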
4. Ntopng Installation and Configuration on Ubuntu 18.04.x LTS Server
ntopng can be installed either from the repository or compiled and installed from sources. We will show both ways; select your preferred installation method.
4.1 ntopng Installation from Repository
Add the universe repository to /etc/apt/sources.list (Picture 4). Use your favorite file editor.
$ sudo su
# vi /etc/apt/sources.list
Picture 4 - Adding Universe to Ubuntu Repository List
# apt-get update
# apt-get install ntopng
4.2 ntopng Compilation and Installation from Sources
In case you prefer manual installation, the steps are below.
$ sudo su
Add the universe repository, as we are going to install the Redis server from the repository (Picture 4).
Install the dependencies for PF_RING, nDPI and ntopng.
$ sudo apt-get install autoconf pkg-config libtool libcurl4-openssl-dev rrdtool librrd-dev libmysqlclient-dev bison flex libpcap0.8-dev libmaxminddb-dev libsqlite3-dev libpcap-dev
4.2.1 Redis Server Installation from Repository
$ sudo apt-get install redis-server redis-tools
4.2.2 PF_RING Installation
$ git clone https://github.com/ntop/PF_RING.git
$ cd PF_RING/kernel
$ make
$ sudo insmod ./pf_ring.ko
$ cd ../userland
$ make
$ cd ~
4.2.3 nDPI Installation
$ git clone https://github.com/ntop/nDPI.git
$ cd nDPI
$ ./autogen.sh
$ ./configure --with-pic
$ make
$ cd ~
4.2.4 ntopng Installation
$ git clone https://github.com/ntop/ntopng.git
$ cd ntopng
$ ./autogen.sh
$ ./configure
$ make geoip
$ make
$ sudo make install
4.2.5 After Install Steps for ntopng
In case you notice permission problems when ntopng is started, change the owner of the following directory from root to nobody.
# chown -R nobody /var/lib/ntopng/
5. Testing
Open your favorite web browser and type the URL http://172.17.100.7:3000. If you followed the instructions correctly, you will see the ntopng login page. The default username is admin and the password is admin. You will be prompted to change the password on first login.
We discuss ntopng flow collection modes in the next tutorial.
Excellent! This is one of those projects that are a 'must have'. Have you deployed these devices in IDFs yet? Have you created a 'single pane of glass' to view all the collected logs?
Hi,
Could you tell me which license of ntopng you used? Thank you so much.