Install ntopng on Rocky Linux 8


This guide will take you through how to install ntopng on Rocky Linux 8. ntopng is a high-performance, web-based network traffic monitoring application. It provides an intuitive web user interface, which can also be served over HTTPS, for exploring realtime and historical traffic information.

Main ntopng Features

  • Sort network traffic according to many criteria including IP address, port, Layer-7 (L7) application protocols, throughput, Autonomous Systems (ASs)
  • Show realtime network traffic and active hosts
  • Produce long-term reports for several network metrics including throughput and L7 application protocols
  • Top talkers (senders/receivers), top ASs, top L7 application protocols
  • Monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out-of-order packets, packet loss), and bytes and packets transmitted
  • Store on disk persistent traffic statistics to allow future explorations and post-mortem analyses
  • Geolocate and overlay hosts in a geographical map
  • Discover Layer-7 application protocols (Facebook, YouTube, BitTorrent, etc.) by leveraging nDPI, ntop's Deep Packet Inspection (DPI) technology
  • Analyze IP traffic and sort it according to the source/destination
  • Report IP protocol usage sorted by protocol type
  • Produce HTML5/AJAX network traffic statistics
  • Full support for IPv4 and IPv6
  • Full Layer-2 support (including ARP statistics)
  • GTP/GRE detunnelling
  • Support for nIndex, MySQL and ElasticSearch export of monitored data
  • Interactive historical exploration of monitored data exported to nIndex and MySQL
  • Flexible alerts handling
  • SNMP v1/v2c/v3 support and continuous monitoring of SNMP devices
  • Identity Management, including correlation of VPN users to traffic
  • Focused on cybersecurity
  • Behavioral traffic analyses such as lateral movements and periodic traffic detection
  • REST API to ease integrations with third-parties

Install ntopng on Rocky Linux 8

There are several editions of ntopng, from the free Community edition to the licensed Professional and Enterprise editions.

This guide installs the Community edition of ntopng on Rocky Linux 8.

Install the ntop Packages Repository on Rocky Linux 8

ntopng is not available in the default Rocky Linux 8 repositories, so you first need to add the ntop packages repository.

wget https://packages.ntop.org/centos-stable/ntop.repo -O /etc/yum.repos.d/ntop.repo

Install and enable the other repositories (EPEL, Remi and PowerTools) that provide ntopng's dependencies:

dnf install epel-release
dnf install http://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf config-manager --set-enabled powertools
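Before installing anything from a third-party repository, confirm that every section of the downloaded .repo file enforces package signature checking, otherwise dnf will happily install unsigned packages from any section that sets gpgcheck=0. The shell function below is an added example, not part of this guide or of ntop's tooling; it parses any dnf/yum .repo file and fails if a section lacks gpgcheck=1 or a gpgkey. The two .repo files it checks are constructed for the demo and do not reproduce the real ntop.repo.

```shell
#!/bin/sh
# Added example: verify that a dnf/yum .repo file enforces GPG signature checks
# in every [section] before installing packages from it. Not ntop's own tooling.

# repo_gpgcheck_ok FILE -> exit 0 if every [section] sets gpgcheck=1 and a gpgkey,
# otherwise print each offending section and exit 1.
repo_gpgcheck_ok() {
    awk '
        function flush() {
            if (section != "" && (gpgcheck != "1" || gpgkey == "")) {
                printf "[%s]: gpgcheck=%s gpgkey=%s\n", section,
                       (gpgcheck == "" ? "unset" : gpgcheck),
                       (gpgkey == "" ? "unset" : gpgkey)
                bad++
            }
            gpgcheck = ""; gpgkey = ""
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }                  # comments and blank lines
        /^\[/ { flush(); section = $0; sub(/^\[/, "", section); sub(/\].*$/, "", section); next }
        /^[ \t]*gpgcheck[ \t]*=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v); gsub(/[ \t]/, "", v); gpgcheck = v; next }
        /^[ \t]*gpgkey[ \t]*=/   { v = $0; sub(/^[^=]*=[ \t]*/, "", v); gpgkey = v; next }
        END { flush(); if (bad > 0) exit 1 }
    ' "$1"
}

tmp=$(mktemp -d)

# Constructed sample: every section signed (hostnames are placeholders).
cat > "$tmp/good.repo" <<'EOF'
[example-stable]
name=Example stable (constructed sample, not the real ntop.repo)
baseurl=https://packages.example.org/centos-stable/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://packages.example.org/RPM-GPG-KEY-example
EOF

# Constructed sample: the first section disables verification, the second has no key.
cat > "$tmp/bad.repo" <<'EOF'
[example-stable]
baseurl=https://packages.example.org/centos-stable/$releasever/$basearch/
enabled=1
gpgcheck=0
gpgkey=https://packages.example.org/RPM-GPG-KEY-example

[example-noarch]
baseurl=https://packages.example.org/centos-stable/noarch/
enabled=1
gpgcheck=1
EOF

repo_gpgcheck_ok "$tmp/good.repo" && echo "good.repo: all sections enforce signature checks"
repo_gpgcheck_ok "$tmp/bad.repo"  || echo "bad.repo: refusing to install from it"
```

On the host, run `repo_gpgcheck_ok /etc/yum.repos.d/ntop.repo` right after the wget above and stop if it fails. gpgcheck=1 only makes dnf verify package signatures against the key the repo points to; it does not by itself pin that key, so when dnf asks you to import it, compare the fingerprint it prints with one you obtained out of band.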

Install ntopng on Rocky Linux 8

Next, execute the commands below to install ntopng on Rocky Linux 8. The first command removes a conflicting zeromq3 package if it is present. Only the ntopng package (which pulls in redis) is strictly required for the Community edition; pfring-dkms, pfring-drivers-zc-dkms, n2disk, nprobe and cento are optional ntop components, and the two *-dkms packages build kernel modules, which requires kernel-devel headers matching the running kernel.

dnf erase zeromq3
dnf install pfring-dkms n2disk nprobe ntopng cento pfring-drivers-zc-dkms

Run ntopng community Version

To run ntopng as the Community edition, add the --community option to the configuration file, /etc/ntopng/ntopng.conf. The command below inserts it on a new line right after the -G (pid file) option. It must be on its own line: the systemd unit comments out every line that begins with -G, so appending --community to the -G line itself would silently disable it.

sed -i 's#-G=/var/run/ntopng.pid#-G=/var/run/ntopng.pid\n--community#' /etc/ntopng/ntopng.conf

(\n in the replacement is GNU sed syntax for a newline; a doubled backslash would write a literal "\n" into the file.) Alternatively, put the option in its own file under /etc/ntopng/ntopng.conf.d/, which the unit appends to the configuration at start, as the ExecStartPre lines in the service status below show.

That is the only configuration change we make in this demo. The file is well commented; read through it for further options, such as which interfaces to monitor.
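A cleaner way to carry the same change, and to keep the web UI off every interface, is a drop-in under /etc/ntopng/ntopng.conf.d/, which the unit concatenates after the main file at start. The script below is an added example, not ntop's own tooling: it writes such a drop-in and then checks it for two mistakes that are easy to make here. It assumes the main ntopng.conf does not already set -w or -i (comment them out there rather than setting them twice), that the unit comments out -e, -G, --daemon and --pid lines as the service status shows, and that -w accepts the [addr:]port form listed by ntopng --help; 192.0.2.10 and the interface names are placeholders.

```shell
#!/bin/sh
# Added example (not ntop's tooling): generate and sanity-check a drop-in for
# /etc/ntopng/ntopng.conf.d/ that runs the Community edition and binds the
# web UI to a management address instead of 0.0.0.0.

# ntopng_dropin_write FILE ADDR:PORT IFACE... -> writes the config fragment
ntopng_dropin_write() {
    out=$1; listen=$2; shift 2
    {
        printf '%s\n' "# Drop-in appended to /etc/ntopng/ntopng.conf by the systemd unit"
        printf '%s\n' "--community"        # Community edition instead of a license lookup
        printf '%s\n' "-w=$listen"         # web UI bind address:port (default: 3000 on 0.0.0.0)
        for i in "$@"; do
            printf '%s\n' "-i=$i"          # interfaces to monitor (default: all of them)
        done
    } > "$out"
}

# ntopng_dropin_check FILE -> 0 if the fragment is sane, 1 with diagnostics otherwise
ntopng_dropin_check() {
    rc=0
    # The unit's ExecStartPre comments these out, so setting them here is a silent no-op.
    if grep -Eq '^[[:space:]]*(-e|-G|--daemon|--pid)' "$1"; then
        echo "$1: -e, -G, --daemon and --pid are overridden by the systemd unit; remove them" >&2
        rc=1
    fi
    # A bare port, or 0.0.0.0:port, exposes the unencrypted HTTP UI on all interfaces.
    if grep -Eq '^[[:space:]]*-w=(0\.0\.0\.0:)?[0-9]+[[:space:]]*$' "$1"; then
        echo "$1: -w binds the web UI on all interfaces; use -w=<mgmt-ip>:<port>" >&2
        rc=1
    fi
    if ! grep -Eq '^[[:space:]]*--community[[:space:]]*$' "$1"; then
        echo "$1: --community is missing" >&2
        rc=1
    fi
    return $rc
}

tmp=$(mktemp -d)

ntopng_dropin_write "$tmp/10-local.conf" 192.0.2.10:3000 enp0s3 enp0s8
ntopng_dropin_check "$tmp/10-local.conf" && \
    echo "10-local.conf OK: copy it to /etc/ntopng/ntopng.conf.d/ and restart ntopng"

# Constructed weak fragment: an option the unit strips, and an all-interfaces bind.
printf '%s\n' "-G=/var/run/ntopng.pid" "-w=3000" > "$tmp/weak.conf"
ntopng_dropin_check "$tmp/weak.conf" || echo "weak.conf rejected"
```

After copying the generated file into /etc/ntopng/ntopng.conf.d/ and running systemctl restart ntopng, /run/ntopng.conf shows the merged configuration the daemon actually started with, which is the place to confirm that --community survived the unit's filtering.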

Running ntopng Service

Start and enable ntopng to run on system boot;

systemctl enable --now ntopng

Check the status;

systemctl status ntopng
● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
   Loaded: loaded (/usr/lib/systemd/system/ntopng.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2021-07-22 13:20:13 EAT; 12s ago
  Process: 5087 ExecStopPost=/bin/rm -rf /run/ntopng.conf /run/ntopng.conf.raw /run/ntopng.pid (code=exited, status=0/SUCCESS)
  Process: 5510 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|[ ]*--pid.*/s/^/#/" /run/ntopng.conf.raw > /run/ntopng.conf (code=exited, status>
  Process: 5507 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf.d/*.conf >> /run/ntopng.conf.raw 2>/dev/null || true (code=exited, status=0/SUCCESS)
  Process: 5503 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf > /run/ntopng.conf.raw (code=exited, status=0/SUCCESS)
  Process: 5490 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore  && /usr/bin/ntopng-utils-manage-config -a restore || true (code=exited, statu>
 Main PID: 5512 (ntopng)
    Tasks: 47 (limit: 23673)
   Memory: 203.7M
   CGroup: /system.slice/ntopng.service
           └─5512 /usr/bin/ntopng /run/ntopng.conf

Jul 22 13:20:16 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:16 [Ntop.cpp:882] Adding fe80::301d:abeb:ad8b:6c56/64 as IPv6 local network for enp0s8
Jul 22 13:20:16 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:16 [PeriodicActivities.cpp:107] Started periodic activities loop...
Jul 22 13:20:17 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:17 [startup.lua:50] Processing startup.lua: please hold on...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:144] [lists_utils.lua:758] Refreshing category lists...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:144] [lists_utils.lua:696] Category Lists (695 hosts, 3140 IPs, 99 JA3) loaded in>
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:218] Startup completed: ntopng is now operational
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [PeriodicActivities.cpp:168] Each periodic activity script will use 4 threads
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface lo [id: 1]...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface enp0s3 [id: 2]...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface enp0s8 [id: 3]...

Access ntopng Web Interface

By default, ntopng listens on port 3000/tcp.

ss -altnp | grep 3000
LISTEN 0      128          0.0.0.0:3000      0.0.0.0:*    users:(("ntopng",pid=5512,fd=45))

Hence, open this port on firewalld. Note that the listener above is bound to 0.0.0.0 and serves plain HTTP unless you enable HTTPS (the -W option), so on anything but a lab host limit the rule to your management network rather than opening the port to every source:

firewall-cmd --permanent --add-port=3000/tcp
firewall-cmd --reload
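To decide mechanically whether the port needs firewalling at all, and to produce a source-restricted rule instead of the open one above, the script below parses `ss -ltn` output. It is an added example, not part of this guide; the ss output it reads is constructed to mirror the listener shown above plus the redis instance ntopng uses, and 192.0.2.0/24 is a placeholder management subnet.

```shell
#!/bin/sh
# Added example (not part of the original guide): classify how the ntopng web
# UI is bound from `ss -ltn` output and, if it listens everywhere, print a
# firewalld rich rule that limits 3000/tcp to a management network.

# listen_exposure PORT < ss-output -> prints "all", "address", "loopback" or "none"
listen_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)   # strip ":port"
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") all = 1
            else if (addr == "127.0.0.1" || addr == "[::1]") lo = 1
            else other = 1
        }
        END {
            if (all) print "all"; else if (other) print "address"
            else if (lo) print "loopback"; else print "none"
        }'
}

# firewall_rule_for PORT CIDR -> prints the IPv4 rich-rule command (follow it with --reload)
firewall_rule_for() {
    printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$2" "$1"
}

# Constructed `ss -ltn` sample: the ntopng listener from this guide plus local redis.
sample_ss='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:3000      0.0.0.0:*     users:(("ntopng",pid=5512,fd=45))
LISTEN 0      128    127.0.0.1:6379    0.0.0.0:*     users:(("redis-server",pid=1204,fd=6))'

case $(printf '%s\n' "$sample_ss" | listen_exposure 3000) in
    all)      echo "ntopng UI listens on all interfaces; restrict it:"
              firewall_rule_for 3000 192.0.2.0/24 ;;
    address)  echo "bound to one address; still restrict the port to the management network" ;;
    loopback) echo "loopback only; reach it through an SSH tunnel, no firewall change needed" ;;
    none)     echo "nothing listening on 3000/tcp" ;;
esac
```

On a live host replace the sample with `ss -ltn | listen_exposure 3000`. An IPv6 listener ([::]:3000) needs a second rich rule with family="ipv6", and the rule only narrows who can reach the port; credentials still cross the wire in clear text until HTTPS is enabled.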

Next, navigate to http://server-IP:3000

Log in using the default credentials, admin:admin, and change the password immediately afterwards.

[Screenshots: the ntopng login page, some of the ntopng dashboards, and the Alerts page]

And that is it. ntopng is now installed and running. You can read further on the documentation page;

ntopng Documentation
