Installing and configuring ntop

Operating system: rhas4

Software versions: perl-Net-SNMP-5.2.0-1.2.el4.rf.noarch.rpm

        rrdtool-1.0.41-1.8.0.ntop.i386.rpm

        ntop-3.3-1.el4.rf.i386.rpm


 

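[root@localhost ntop]# rpm -ivh ntop-3.3-1.el4.rf.i386.rpm

                      #I had APT installed, which made things much easier; after answering Y, the required dependency packages were installed

[root@localhost ntop]# vi /etc/ntop.conf

                       #Edit the configuration file

                         Remove the comment marker in front of --interface eth0; set the network interface to match your actual setup

                         Remove the comment marker in front of --http-server 3000 to define the service port. Note: ntop does not need the Apache service to be running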

 

[root@localhost ntop]# ntop -A

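                       #Set the administrator password

[root@localhost ntop]# /etc/init.d/ntop start

                       #Start the ntop service

Enter server-address:3000 in the browser address bar to see the interface.

The above is a single-machine test environment. In production, connect this server to a switch port with SPAN enabled, or to a hub.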

3550:

monitor session 1 source vlan 1 , 2 , 3 , 4 , 6 rx

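                  #The monitored sources are vlan1 vlan2 vlan3 vlan4 vlan6, in the ingress direction

monitor session 1 destination interface Fa0/28

                  #The destination port is fa0/28, which connects to the server running ntop

My configuration file: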

 

###  You should copy this file to its normal location, /etc/ntop.conf
###  and edit it to fit your needs.
###
###       ntop is easily launched with options by referencing this file from
###       a command line like this:
###
###       ntop @/etc/ntop.conf
###
###  Remember, options may also be listed directly on the command line, both
###  before and  after the @/etc/ntop.conf.
###
###  For switches that provide values, e.g. -i, the last one matters.
###  For switches that just say 'do things', e.g. -M, if it's ANYWHERE in the
###  commands, it will be set.  There's no unset option.
###
###  You can use this to your advantage, for example:
###       ntop @/etc/ntop.conf -i none
###  Overrides the -i in the file.

### Sets the user that ntop runs as.
###  NOTE: This should not be root unless you really understand the security risks.
--user ntop

### Sets the directory that ntop runs from.
--db-file-path /var/ntop

### Interface(s) that ntop will capture on (default: eth0)
--interface eth0

### Configures ntop not to trust MAC addrs.  This is used when port mirroring or SPAN
#--no-mac

### Logging messages to syslog (instead of the console):
###  NOTE: To log to a specific facility, use --use-syslog=local3
###  NOTE: The = is REQUIRED and no spaces are permitted.
--use-syslog

### Tells ntop to track only local hosts as specified by the --local-subnets option
#--track-local-hosts

### Sets the port that the HTTP webserver listens on
###  NOTE: --http-server 3000 is the default
--http-server 3000

### Sets the port that the optional HTTPS webserver listens on
#--https-server 3001

### Sets the networks that ntop should consider as local.
###  NOTE: Uses dotted decimal and CIDR notation. Example: 192.168.0.0/24
###        The addresses of the interfaces are always local and don't need to be specified.
#--local-subnets xx.xx.xx.xx/yy

### Sets the domain.  ntop should be able to determine this automatically.
#--domain mydomain.com

### Sets program to run as a daemon
###  NOTE: For more than casual use, you probably want this.
#--daemon

 

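Details:

  /usr/bin/ntop -P /usr/share/ntop -u ntop -A

  #-P [directory] specifies where the .db files are stored

  #-u [user] specifies the user the service starts as

  #-A sets the admin password; ntop creates a built-in admin account

  4. Check the actions required for the first start

  less /usr/share/doc/ntop-3.0/1STRUN.txt

  5. Edit /etc/ntop.conf

  vi /etc/ntop.conf

  The contents are as follows:

  #eth0 is my single network card; lo is the loopback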

  --interface eth0,lo

  #--no-mac

  #Since I only have a single machine I did not add the following; if you are on a router or gateway, change the IP range to your own

  --local-subnets 192.168.10.0/24

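  #Port to run on

  --http-server 3000

  #Database storage path

  --db-file-path /usr/share/ntop

  #Run as a daemon

  --daemon

  #User name

  --user ntop

  #Default run level

  --trace-level 3

  #Skip any errors

  --disable-schedyield

  6. Start ntop

  /etc/init.d/ntop start

  7. View the network traffic

  http://localhost:3000/

  8. To stop it

  /etc/init.d/ntop stop

  http://www.ntop.org/ntop.html is the ntop home page, with related material, screenshots and so on

  When ntop is deployed behind a hub it can monitor every packet on the network. In a switched environment, however, it can only see packets addressed to itself unless the SPAN feature is enabled.

  This test environment is a single machine with a standard installation and no plugins configured. If you are interested, you can explore the plugins yourself. Because ntop has to listen on a port, it is best to use iptables to limit which IPs can browse it; otherwise it may introduce security problems.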
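
  One way to apply the iptables restriction recommended above, as an added example that is not part of the original post. The chain name NTOP-WEB and the function names are hypothetical, and treating 192.168.10.0/24 (the --local-subnets value shown earlier) as the permitted viewer range is an assumption.

```sh
#!/bin/sh
# Added example: prints iptables commands limiting ntop's web port to chosen
# sources. The chain name NTOP-WEB and function names are assumptions.

# valid_source ADDR: succeeds for dotted-quad IPv4 with an optional /0-32 prefix
valid_source() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(echo "${1%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1      # reject octets above 255
    done
}

# ntop_fw_rules PORT SOURCE...: prints the commands; nothing is applied
ntop_fw_rules() {
    port=$1
    [ $# -ge 2 ] || { echo "usage: ntop_fw_rules PORT SOURCE..." >&2; return 2; }
    shift
    case $port in *[!0-9]*|'') echo "bad port: $port" >&2; return 2 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || { echo "bad port: $port" >&2; return 2; }
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 2; }
    done
    echo "iptables -N NTOP-WEB"
    echo "iptables -A NTOP-WEB -i lo -j ACCEPT"        # browser on the ntop host itself
    for src in "$@"; do
        echo "iptables -A NTOP-WEB -s $src -j ACCEPT"  # permitted viewers
    done
    echo "iptables -A NTOP-WEB -j DROP"                # everyone else
    # Hook the chain in first so no earlier ACCEPT rule in INPUT bypasses it
    echo "iptables -I INPUT 1 -p tcp --dport $port -j NTOP-WEB"
}

# Port 3000 as in the page's --http-server line; the viewer range is assumed
ntop_fw_rules 3000 192.168.10.0/24
```

  Review the printed commands before running them as root; on Red Hat systems, service iptables save keeps the rules across reboots.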

 
