This guide will take you through how to install ntopng on Rocky Linux 8. ntopng is a high-performance web-based network traffic monitoring application. It provides an intuitive, encrypted web user interface for exploring real-time and historical traffic information.
Main ntopng Features
- Sort network traffic according to many criteria including IP address, port, Layer-7 (L7) application protocols, throughput, Autonomous Systems (ASs)
- Show realtime network traffic and active hosts
- Produce long-term reports for several network metrics including throughput and L7 application protocols
- Top talkers (senders/receivers), top ASs, top L7 application protocols
- Monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out-of-order packets, packets lost), and bytes and packets transmitted
- Store on disk persistent traffic statistics to allow future explorations and post-mortem analyses
- Geolocate and overlay hosts in a geographical map
- Discover Layer-7 application protocols (Facebook, YouTube, BitTorrent, etc.) by leveraging nDPI, ntop's Deep Packet Inspection (DPI) technology
- Analyze IP traffic and sort it according to the source/destination
- Report IP protocol usage sorted by protocol type
- Produce HTML5/AJAX network traffic statistics
- Full support for IPv4 and IPv6
- Full Layer-2 support (including ARP statistics)
- GTP/GRE detunnelling
- Support for nIndex, MySQL, ElasticSearch export of monitored data
- Interactive historical exploration of monitored data exported to nIndex and MySQL
- Flexible alerts handling
- SNMP v1/v2c/v3 support and continuous monitoring of SNMP devices
- Identity Management, including correlation of VPN users to traffic
- Focused on cybersecurity
- Behavioral traffic analyses such as lateral movements and periodic traffic detection
- REST API to ease integrations with third-parties
Install ntopng on Rocky Linux 8
ntopng is available in several versions, from community versions to Enterprise versions.
We will learn how to install the community version of ntopng on Rocky Linux 8.
Install the ntop Packages Repository on Rocky Linux 8
ntopng is not available in the default Rocky Linux 8 repositories.
Thus, you need to install the ntop packages repository.
wget https://packages.ntop.org/centos-stable/ntop.repo -O /etc/yum.repos.d/ntop.repo
Install and enable other repositories
dnf install epel-release
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf config-manager --set-enabled powertools
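Before installing packages from the repositories added above, confirm that each repository stanza enforces package signature checking and is fetched over HTTPS. The following check is an added example, not part of the original guide or of ntop's tooling; the function names and the sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# audit_repo [FILE...]: flag .repo stanzas that skip signature checks or use http://.
# A stanza with no gpgcheck line inherits [main] from /etc/dnf/dnf.conf; it is
# flagged here so that the inherited value gets checked by hand.
audit_repo() {
    awk '
        function report() {
            if (name == "") return
            if (tolower(gpg) !~ /^(1|true|yes)$/) print name ": gpgcheck not enabled in stanza"
            if (plain != "") print name ": plain-http URL " plain
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[.*\][ \t]*$/ {
            report()
            name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            gpg = ""; plain = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpg = val
            if (key ~ /^(baseurl|mirrorlist|metalink|gpgkey)$/ && val ~ /^http:/) plain = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample, not the contents of the real ntop.repo.
sample_repo() {
cat <<'EOF'
[example-signed]
name=Example signed repo
baseurl=https://packages.example.invalid/el/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://packages.example.invalid/RPM-GPG-KEY-example

[example-unsigned]
name=Example unsigned repo
baseurl=http://packages.example.invalid/el/$releasever/noarch/
enabled=1
gpgcheck=0
EOF
}

sample_repo | audit_repo
```

On the server itself, run it as audit_repo /etc/yum.repos.d/*.repo and review every stanza it reports before running dnf install.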
Install ntopng on Rocky Linux 8
Next, execute the commands below to install ntopng on Rocky Linux 8.
dnf erase zeromq3
dnf install pfring-dkms n2disk nprobe ntopng cento pfring-drivers-zc-dkms
Run ntopng community Version
In order to run the community version of ntopng, edit the configuration file, /etc/ntopng/ntopng.conf, by running the command below, which adds a --community line after the -G (PID file) option:
sed -i 's#-G=/var/run/ntopng.pid#-G=/var/run/ntopng.pid\n--community#' /etc/ntopng/ntopng.conf
That is the only configuration change we make in this demo. The file is highly commented and you can read through it for more configuration options.
Running ntopng Service
Start ntopng and enable it to run on system boot:
systemctl enable --now ntopng
Check the status:
systemctl status ntopng
● ntopng.service - ntopng high-speed web-based traffic monitoring and analysis tool
Loaded: loaded (/usr/lib/systemd/system/ntopng.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2021-07-22 13:20:13 EAT; 12s ago
Process: 5087 ExecStopPost=/bin/rm -rf /run/ntopng.conf /run/ntopng.conf.raw /run/ntopng.pid (code=exited, status=0/SUCCESS)
Process: 5510 ExecStartPre=/bin/sh -c /bin/sed "/^[ ]*-e.*$\|^[ ]*-G.*\|^[ ]*--daemon.*\|[ ]*--pid.*/s/^/#/" /run/ntopng.conf.raw > /run/ntopng.conf (code=exited, status>
Process: 5507 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf.d/*.conf >> /run/ntopng.conf.raw 2>/dev/null || true (code=exited, status=0/SUCCESS)
Process: 5503 ExecStartPre=/bin/sh -c /bin/cat /etc/ntopng/ntopng.conf > /run/ntopng.conf.raw (code=exited, status=0/SUCCESS)
Process: 5490 ExecStartPre=/bin/sh -c /usr/bin/ntopng-utils-manage-config -a check-restore && /usr/bin/ntopng-utils-manage-config -a restore || true (code=exited, statu>
Main PID: 5512 (ntopng)
Tasks: 47 (limit: 23673)
Memory: 203.7M
CGroup: /system.slice/ntopng.service
└─5512 /usr/bin/ntopng /run/ntopng.conf
Jul 22 13:20:16 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:16 [Ntop.cpp:882] Adding fe80::301d:abeb:ad8b:6c56/64 as IPv6 local network for enp0s8
Jul 22 13:20:16 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:16 [PeriodicActivities.cpp:107] Started periodic activities loop...
Jul 22 13:20:17 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:17 [startup.lua:50] Processing startup.lua: please hold on...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:144] [lists_utils.lua:758] Refreshing category lists...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:144] [lists_utils.lua:696] Category Lists (695 hosts, 3140 IPs, 99 JA3) loaded in>
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [startup.lua:218] Startup completed: ntopng is now operational
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [PeriodicActivities.cpp:168] Each periodic activity script will use 4 threads
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface lo [id: 1]...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface enp0s3 [id: 2]...
Jul 22 13:20:18 rocky8.kifarunix-demo.com ntopng[5512]: 22/Jul/2021 13:20:18 [NetworkInterface.cpp:2749] Started packet polling on interface enp0s8 [id: 3]...
Access ntopng Web Interface
By default, ntopng listens on port 3000/tcp.
ss -altnp | grep 3000
LISTEN 0 128 0.0.0.0:3000 0.0.0.0:* users:(("ntopng",pid=5512,fd=45))
Hence, open this port on firewalld:
firewall-cmd --permanent --add-port=3000/tcp
firewall-cmd --reload
Next, navigate to http://server-IP:3000
Log in using the default credentials, admin:admin, and reset the password afterwards.
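The ss output above shows ntopng bound to 0.0.0.0, and --add-port opens port 3000 to every source that reaches the zone. The following added example (not from the original guide; the function names, the 192.0.2.0/24 management subnet and the extra sample lines are assumptions) detects wildcard listeners in ss output and prints a firewalld rule set limited to one subnet.

```shell
#!/bin/sh
# wildcard_listeners PORT: read "ss -ltn" lines on stdin and print the local
# address of every listener on PORT that is bound to all interfaces.
wildcard_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            p = addr; sub(/.*:/, "", p)
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (p == port && (host == "0.0.0.0" || host == "*" || host == "[::]"))
                print addr
        }'
}

# scoped_rule CIDR PORT: print (not execute) firewalld commands that replace the
# open port with a rich rule limited to one IPv4 subnet. The CIDR test is a
# coarse shape check, not full address validation.
scoped_rule() {
    case "$2" in ''|*[!0-9]*) echo "not a port: $2" >&2; return 1 ;; esac
    case "$1" in
        */0) echo "refusing: $1 matches every source" >&2; return 1 ;;
        *[!0-9./]*|*/*/*) echo "not an IPv4 CIDR: $1" >&2; return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) echo "not an IPv4 CIDR: $1" >&2; return 1 ;;
    esac
    printf '%s\n' \
      "firewall-cmd --permanent --remove-port=$2/tcp" \
      "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$1\" port port=\"$2\" protocol=\"tcp\" accept'" \
      "firewall-cmd --reload"
}

# First line is the listener shown in this guide; the other two are constructed.
sample_ss() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:3000 0.0.0.0:* users:(("ntopng",pid=5512,fd=45))
LISTEN 0 128 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
EOF
}

sample_ss | wildcard_listeners 3000
scoped_rule 192.0.2.0/24 3000
```

On a live host, feed it real data with ss -ltn | wildcard_listeners 3000, and replace 192.0.2.0/24 with the subnet your administrators connect from.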

[Screenshots: ntopng dashboards and the Alerts view]

And that is it. ntopng is now installed and running. You can read further on the documentation page.