How to Install Ntopng to Monitor Network Traffic on Debian 11

Are you a system administrator or network engineer looking for a lightweight, easy-to-use, cross-platform network monitoring tool? Well, then Ntopng might be the tool you are looking for.

Ntopng is an open-source network monitoring tool that monitors real-time network traffic from a web interface. Ntopng is the next-generation edition of the original ntop. It is a cross-platform tool available on nearly all operating systems, including Windows, Unix/Linux, macOS, and BSD.

Ntopng offers many features like:

  • Filters and sorts traffic according to source and destination
  • Supports various protocols, including TCP, UDP, SMTP, ICMP, ARP, FTP, Netbios, SSH, Telnet, and many more
  • Provides geolocation of IP addresses
  • Generates alerts and notifications when it detects unusual network behavior
  • Lets you easily navigate and visualize traffic data from the web interface
  • Supports encrypted network traffic analysis
  • Discovers application protocols (YouTube, Facebook, BitTorrent, etc.) using Deep Packet Inspection technology

In this article, you will learn how to install Ntopng on Debian 11.

Step 1: Prerequisites

  • A system running Debian 11
  • A user with sudo privileges

Step 2: Update the system

Before you start the installation, it is recommended to update your Debian base system by executing the following commands:

sudo apt update -y
sudo apt upgrade -y

Step 3: Configure Ntopng repository

Ntopng is not part of the default Debian 11 repository, so you need to configure the Ntopng repository on your Debian system. To do so, run the following commands:

wget http://apt.ntop.org/buster/all/apt-ntop.deb
sudo dpkg -i apt-ntop.deb

The above commands add the “ntop.list” repository to your system. Next, apply the repository changes by executing the command below:

sudo apt update -y

Step 4: Install and Configure Ntopng

Run the command below in the terminal to install the Ntopng package with the required dependencies:

sudo apt install ntopng pfring-dkms nprobe n2disk cento -y

Ntopng listens on port 3000 by default. You can configure your network interface and change the default port number and other settings by editing ntopng.conf:

sudo vim /etc/ntopng/ntopng.conf

Now, make the changes as per your system interface name. Here, you can specify more than one interface name.

#    -i|--interface
#    Specifies the network interface or collector endpoint to be used by ntopng for network.
-i=eth0
# -i=eth2

#    Sets the HTTP port of the embedded web server.
-w=3000

Save and close the file once you have made the necessary changes.

You can specify your network IP range in a separate file. Create a new file called ntopng.start in the Ntopng configuration directory (/etc/ntopng):

sudo vim /etc/ntopng/ntopng.start

Add your network IP range as shown below:

--local-networks "192.168.0.0/24"  ## give your local IP Ranges here.

--interface 1

Save and exit the file. You need to restart the Ntopng service to apply the configuration changes:

sudo systemctl restart ntopng

Next, enable the Ntopng service to start at boot time, and then verify the service status using the commands below:

sudo systemctl enable ntopng
sudo systemctl status ntopng

Output:

● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
Loaded: loaded (/etc/systemd/system/ntopng.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-02-28 16:45:28 UTC; 1min 0s ago
Process: 15335 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore  && /usr/bin/ntopng-utils-manage-config -a resto
Process: 15350 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf > /run/ntopng.conf.raw (code=exited, status=0/SUCCESS)
Process: 15352 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf.d/*.conf >> /run/ntopng.conf.raw 2>/dev/null || true (code=exited, s
Process: 15354 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|[ ]*--pid.*/s/^/#/" /run/ntopng.conf.raw > /run/nt

   Main PID: 15356 (ntopng-main)
   Tasks: 24 (limit: 525)
  Memory: 140.6M
     CPU: 9.146s
  CGroup: /system.slice/ntopng.service
          └─15356 /usr/bin/ntopng /run/ntopng.conf

Feb 28 16:45:29 debian11 ntopng[15356]: 28/Feb/2023 16:45:29 [startup.lua:35] Processing startup.lua: please hold on...
Feb 28 16:45:30 debian11 ntopng[15356]: 28/Feb/2023 16:45:30 [startup.lua:120] [lists_utils.lua:827] Refreshing category lists...

You can verify that Ntopng is listening on your system with the following command:

sudo ss -tnlp | grep ntopng

The output should be similar to the following:

LISTEN 0   4096    0.0.0.0:3000   0.0.0.0:*  users:(("ntopng-main",pid=15356,fd=37))
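The output above shows the web interface bound to 0.0.0.0, and Step 5 logs in over plain HTTP with default credentials, so it is worth confirming which addresses the configured port is reachable on. The following is an added example, not part of the original article or the ntopng project: the function names conf_http_port and wildcard_listeners are hypothetical, the sample inputs (including the redis-server line) are constructed, and handling of an "addr:" prefix in the -w value is a defensive assumption.

```shell
#!/bin/sh
# Added example (not from ntopng): compare ntopng.conf with the live listeners.

# Read an ntopng.conf on stdin and print the HTTP port from the last
# uncommented -w / --http-port line. An "addr:" prefix, if present, is dropped.
conf_http_port() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*(-w|--http-port)[= \t]/ {
            v = $0
            sub(/^[ \t]*(-w|--http-port)[= \t]+/, "", v)
            sub(/[ \t]+$/, "", v)
            sub(/^.*:/, "", v)
            port = v
        }
        END { if (port != "") print port }
    '
}

# Read `ss -tnlp` output on stdin and print every local address on port $1
# that is bound to all interfaces (0.0.0.0, [::] or *).
wildcard_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            p = addr
            sub(/^.*:/, "", p)
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (p == port && (host == "0.0.0.0" || host == "[::]" || host == "*"))
                print addr
        }
    '
}

# Constructed sample inputs mirroring the settings and output shown above.
SAMPLE_CONF='# -i=eth2
-i=eth0
-w=3000'
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:* users:(("ntopng-main",pid=15356,fd=37))
LISTEN 0 128 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=900,fd=6))'

port=$(printf '%s\n' "$SAMPLE_CONF" | conf_http_port)
exposed=$(printf '%s\n' "$SAMPLE_SS" | wildcard_listeners "$port")
if [ -n "$exposed" ]; then
    echo "ntopng web UI (port $port) listens on all interfaces: $exposed"
fi
# On a live host: sudo ss -tnlp | wildcard_listeners "$(conf_http_port < /etc/ntopng/ntopng.conf)"
```

An empty result means the port is bound only to specific addresses; a non-empty result means any network that can route to the host can reach the login page.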

Step 5: Access the Ntopng from a web browser

Open your web browser and enter the URL http://your-server-ip:3000, replacing your-server-ip with your system's IP address and 3000 with the port number you configured. You will be redirected to the Ntopng login page:

Enter the default username and password (admin/admin), and click on the Login button. You should see the following screen:

Set a new password and click the “Change Password” button. You should see the Ntopng default dashboard page as shown in the below screenshot:

Next, click on the Hosts > Hosts option in the left pane, and you will see a list of available hosts on your network.

You can also check your network interface details from the left pane by clicking on the Interface > Details option.

Conclusion

Congratulations! You have installed Ntopng on your Debian 11 system. Ntopng provides many other options that can be very useful for real-time network monitoring and generating alerts. You can also view system information and the configured alert endpoints. You are welcome to ask me if you have any questions.
