Ntopng Network Traffic Monitoring on Ubuntu 24.04 | Easy Guide

By Posted on

Ntopng Network Traffic Monitoring on Ubuntu 24.04 | Easy Guide

Monitoring network traffic is crucial for understanding the activity on your system or network. With Ubuntu 24.04, performing Ntopng Network Traffic Monitoring becomes straightforward. Ntopng is a powerful tool that provides a web-based interface for real-time data on traffic, IP addresses, protocols, and more. This information is invaluable for analyzing network usage, troubleshooting issues, and optimizing performance.

This guide, presented by Orcacore, will walk you through the steps to install Ntopng on Ubuntu 24.04 and begin monitoring your network effectively.

Before diving into the installation of Ntopng Network Traffic Monitoring, ensure you have the following prerequisites:

  1. Sudo User: Log in to your server as a non-root user with sudo privileges. If you need to create a sudo user, refer to Creating a sudo user on Ubuntu 24.04.

  2. UFW Firewall: Set up a UFW firewall on your server. Instructions can be found at UFW Firewall Config on Ubuntu 24.04.

Once these prerequisites are met, proceed with the steps below to install Ntopng on Ubuntu 24.04.

Step 1. Download and Install Ntopng on Ubuntu 24.04

First, update your system’s package list using the following command:

sudo apt update

Next, install the necessary packages and dependencies:

# sudo apt install software-properties-common wget -y
# sudo add-apt-repository universe

After the dependencies are installed, navigate to the /tmp directory, download, and install the Ntopng repository using these commands:

# cd /tmp
# sudo wget https://packages.ntop.org/apt/24.04/all/apt-ntop.deb
# sudo apt install ./apt-ntop.deb

Now, install the Ntopng packages on Ubuntu 24.04:

# sudo apt clean all
# sudo apt update
# sudo apt install pfring-dkms nprobe ntopng n2disk cento ntap -y

Step 2. Configure Ntopng on Ubuntu 24.04

In this step, you need to modify the Ntopng configuration file. Open the file with your preferred text editor, such as Vi Editor or Nano Editor:

sudo vi /etc/ntopng/ntopng.conf

Inside the file, locate the -w directive. Uncomment it by removing the # symbol. This directive specifies the port used for the web interface. You can customize this port, but remember to open the corresponding port in your firewall.

Configure Ntopng on Ubuntu 24.04

Save and close the file after making the changes.

Next, open the Ntopng port in your firewall using the following command:

sudo ufw allow 3000/tcp

Reload the firewall to apply the changes:

sudo ufw reload

Finally, restart the Ntopng service to implement the configuration changes:

sudo systemctl restart ntopng

Step 3. Start and Enable Ntopng Monitoring Tool

The Ntopng service should be enabled and started by default. However, you can explicitly start and enable it using the following commands:

# sudo systemctl start ntopng
# sudo systemctl enable ntopng

Verify the status of the Ntopng service with the command:

sudo systemctl status ntopng

The output should indicate that the service is active and running:

Step 4. Access Ntopng Monitoring Dashboard

Now you can access the Ntopng web interface by entering your server’s IP address in your web browser, followed by port 3000 (or the port you specified in the configuration file):

http://<server-IP>:<3000>

You will be presented with the Ntopng Login screen. Use the default credentials:

username: admin
password: admin

Click login to proceed.

After logging in, you will be prompted to change the admin password and select your preferred language.

Once the initial setup is complete, you will be directed to the Ntopng monitoring dashboard. From here, you can begin monitoring your network traffic by passively capturing data, collecting network flows (NetFlow, sFlow, and IPFIX), monitoring specific network devices, and monitoring network infrastructure via SNMP, among other features.

If you require more advanced features and functionalities, consider upgrading to the pro version of Ntopng.

Conclusion

Installing Ntopng on Ubuntu 24.04 provides a valuable tool for real-time network traffic monitoring. Its user-friendly web interface helps maintain network security and optimize performance. We hope this guide has been helpful. Now you are all set to go with Ntopng Network Traffic Monitoring.

Please subscribe to us on Facebook, X, and YouTube.

You may also like to read the following articles:

Install and Configure Cacti on Ubuntu 24.04

Install Nagios on Ubuntu 24.04

Installing bmon on Ubuntu 22.04

Remotely Monitor Ubuntu Server with Glances

Alternative Solutions for Network Traffic Monitoring on Ubuntu 24.04

While Ntopng is an excellent choice for network traffic monitoring, other tools offer similar functionalities and can be more suitable depending on your specific needs. Here are two alternative solutions:

1. Using tcpdump and Wireshark

tcpdump is a command-line packet analyzer that captures network traffic. Wireshark is a GUI-based network protocol analyzer that can analyze the captured traffic. This combination provides a powerful and flexible solution for network traffic monitoring.

Explanation:

  • tcpdump captures raw network packets from the network interface.
  • The captured packets can be saved to a file for later analysis.
  • Wireshark can then open and analyze the capture file, providing detailed information about the network traffic, including protocols, source and destination addresses, and data payloads.

Steps:

  1. Install tcpdump:

    sudo apt install tcpdump

  2. Capture network traffic:

    sudo tcpdump -i <interface> -w capture.pcap

    Replace <interface> with the name of your network interface (e.g., eth0, wlan0). capture.pcap is the name of the file where the captured packets will be stored.

  3. Install Wireshark:

    sudo apt install wireshark

  4. Analyze the captured traffic:

    Open Wireshark and load the capture.pcap file. You can then use Wireshark’s filtering and analysis tools to examine the network traffic.

Code Example (Filtering in Wireshark):

To filter traffic based on a specific IP address in Wireshark, you can use the following filter:

ip.addr == 192.168.1.100

This filter will only show packets that have either the source or destination IP address of 192.168.1.100. You can also filter by protocol (e.g., tcp, udp, http) or port number.

2. Using iftop

iftop is a real-time console-based network monitoring tool that displays a table of current network bandwidth usage. It shows a list of network connections, along with the bandwidth they are using.

Explanation:

iftop listens to network traffic on a specified interface and displays the top network connections based on bandwidth usage. It provides a quick and easy way to identify the most active network connections on your system.

Steps:

  1. Install iftop:

    sudo apt install iftop

  2. Run iftop:

    sudo iftop -i <interface>

    Replace <interface> with the name of your network interface (e.g., eth0, wlan0).

Code Example (Running iftop):

sudo iftop -i eth0

This command will start iftop and monitor the network traffic on the eth0 interface. The output will show a table of network connections and their bandwidth usage.

These alternative solutions offer different approaches to Ntopng Network Traffic Monitoring. tcpdump and Wireshark provide in-depth packet analysis, while iftop offers a quick overview of network bandwidth usage. The best choice depends on your specific monitoring needs and preferences. Choose one of these solutions for Ntopng Network Traffic Monitoring based on your needs.

Related posts: