Installation and Commissioning

For the Linux distributions, including Raspbian, ntop provides a separate repository each for stable and nightly builds [6]. The nightly builds are more suitable for admins who like to try out the latest features. For production use, the stable versions are the more obvious choice. On Ubuntu 18.04 LTS, the installation comprises the few simple commands shown in Listing 1.

sudo apt install software-properties-common wget
sudo add-apt-repository universe
wget http://apt-stable.ntop.org/18.04/all/apt-ntop-stable.deb
sudo apt install ./apt-ntop-stable.deb
 **
sudo apt clean all
sudo apt update
sudo apt install pfring nprobe ntopng ntopng-data n2disk cento nbox

The "Supernode Remote Access" box describes how ntopng sets up remote support.

First Launch and Web Interface

Ntopng launches automatically after installation; you can access the web interface directly over http://<IP address>:3000 . Unfortunately, the web server launches with an unencrypted connection; this setup is not a good idea for security reasons because ntop is delivered with self-signed SSL certificates that throw warning messages in the browser. If you prefer to run ntopng under an official domain name, you can secure the SSL/TLS connection with an official certificate.

The free Let's Encrypt CA is a good way to do this. A step-by-step guide can be found in a blog post online [7]. For internal use, self-signed certificates are certainly justifiable: Disable the unencrypted connection and enable the SSL-protected web server by adding the following lines to the /etc/ntopng/ntopng.conf file,

--http-port=0
--https-port=443

and restarting ntopng by typing:

sudo systemctl restart ntopng

To avoid conflicts with other web servers, you will want to make sure first that another web server is not already using TCP port 443 on the ntop server. If this cannot be avoided, you can move the ntopng HTTP server to another port above 1024 (e.g., use --https-port=4443 and then log in with the URL https://<IP address>:4443 ).

The first time you log in with the admin username and password, you will be prompted to set a new password. Because the admin user cannot be disabled, you will want to set a very secure password for this user and define a second user with admin rights for administration work later on. Click on the gear (Settings) icon top right on the dashboard (Figure 1) to enter user management and create a new user. From the dashboard, you can assign to each user individually the network interfaces or networks they are permitted to evaluate.

Figure 1: The traffic dashboard is the heart of ntopng, showing the administrator a real-time view of traffic.

On the Command Line

You can also start ntopng with the desired parameters directly at the command line. For an overview of the available options, type ntopng -h. For example, if you want ntopng to monitor only certain network interfaces (by default, all network interface cards are monitored), simply specify them with the -i parameter:

ntopng -i en01 -i enp3s0

You can just as easily disable DNS resolution completely, prevent automatic logout from the web interface, output a list of the application protocols recognized by ntopng as follows

ntopng -n 3
ntopng -q
ntopng --print-ndpi-protocols

and much, much more.