Category: LINUX

2008-06-09 12:27:28

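Operating system: rhas4
Software versions: perl-Net-SNMP-5.2.0-1.2.el4.rf.noarch.rpm
        rrdtool-1.0.41-1.8.0.ntop.i386.rpm
        ntop-3.3-1.el4.rf.i386.rpm
Installing and configuring ntop
 
[root@localhost ntop]# rpm -ivh ntop-3.3-1.el4.rf.i386.rpm
                      #I had APT installed, which made this much easier; after answering Y the dependency packages were installed
 
 
[root@localhost ntop]# vi /etc/ntop.conf
                       #Edit the configuration file
                         Uncomment --interface eth0; set the network interface to match your system
                         Uncomment --http-server 3000, which defines the service port. Note: ntop does not need the Apache service to be running
 
[root@localhost ntop]# ntop -A
                       #Set the administrator password
 
[root@localhost ntop]# /etc/init.d/ntop start
                       #Start the ntop service
 
Enter server-address:3000 in the browser's address bar to see the interface.
 
The above is a single-machine test environment. In real use, connect this server to a SPAN-enabled switch port or to a hub.
Example for a 3550:
monitor session 1 source vlan 1 , 2 , 3 , 4 , 6 rx
                  #The monitored sources are vlan1, vlan2, vlan3, vlan4 and vlan6, in the ingress direction
monitor session 1 destination interface Fa0/28
                  #The destination port is fa0/28, which connects to the server running ntop
 
My configuration file: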
 
###  You should copy this file to its normal location, /etc/etc/ntop.conf
###  and edit it to fit your needs.
###
###       ntop is easily launched with options by referencing this file from
###       a command line like this:
###
###       ntop @/etc/ntop.conf
###
###  Remember, options may also be listed directly on the command line, both
###  before and  after the @/etc/ntop.conf.
###
###  For switches that provide values, e.g. -i, the last one matters.
###  For switches that just say 'do things', e.g. -M, if it's ANYWHERE in the
###  commands, it will be set.  There's no unset option.
###
###  You can use this to your advantage, for example:
###       ntop @/etc/ntop.conf -i none
###  Overrides the -i in the file.
### Sets the user that ntop runs as.
###  NOTE: This should not be root unless you really understand the security risks.
--user ntop
### Sets the directory that ntop runs from.
--db-file-path /var/ntop
### Interface(s) that ntop will capture on (default: eth0)
--interface eth0
### Configures ntop not to trust MAC addrs.  This is used when port mirroring or SPAN
#--no-mac
### Logging messages to syslog (instead of the console):
###  NOTE: To log to a specific facility, use --use-syslog=local3
###  NOTE: The = is REQUIRED and no spaces are permitted.
--use-syslog
### Tells ntop to track only local hosts as specified by the --local-subnets option
#--track-local-hosts
### Sets the port that the HTTP webserver listens on
###  NOTE: --http-server 3000 is the default
--http-server 3000
### Sets the port that the optional HTTPS webserver listens on
#--https-server 3001
### Sets the networks that ntop should consider as local.
###  NOTE: Uses dotted decimal and CIDR notation. Example: 192.168.0.0/24
###        The addresses of the interfaces are always local and don't need to be specified.
#--local-subnets xx.xx.xx.xx/yy
### Sets the domain.  ntop should be able to determine this automatically.
#--domain mydomain.com
### Sets program to run as a daemon
###  NOTE: For more than casual use, you probably want this.
#--daemon
 
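Details:
 
  /usr/bin/ntop -P /usr/share/ntop -u ntop -A

  #-P [directory] specifies the directory where the .db files are stored

  #-u [user] specifies the user the service runs as

  #-A sets the admin password; ntop creates a built-in admin account

  4. Check the actions required for the first start

  less /usr/share/doc/ntop-3.0/1STRUN.txt

  5. Edit the /etc/ntop.conf file

  vi /etc/ntop.conf

  The contents are as follows:

  #eth0 is my only network card; lo is the loopback
  --interface eth0,lo

  #--no-mac

  #I have only a single machine, so I did not add the line below; if you are on a router or gateway, change the IP range to your own
  --local-subnets 192.168.10.0/24

  #Listening port
  --http-server 3000

  #Database storage path
  --db-file-path /usr/share/ntop

  #Run as a daemon
  --daemon

  #User name
  --user ntop

  #Default trace level
  --trace-level 3

  #Skip any errors
  --disable-schedyield

  6. Start ntop

  /etc/init.d/ntop start

  7. View network traffic

  

  8. To stop it:

  /etc/init.d/ntop stop

  is the ntop home page, with related documentation, screenshots and so on

  When ntop is deployed behind a hub, it can monitor every packet on the network. In a switched environment, however, it can only see the packets addressed to itself unless SPAN is enabled.

  This test environment is a single machine with a standard installation and no plugins configured. If you are interested, you can explore the plugins on your own. Because ntop listens on a port, it is best to use iptables to restrict which IPs can browse it; otherwise it may introduce security problems.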
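
The iptables restriction recommended above, as an added example that is not part of the original post: a small generator that validates an allowlist and prints the rules for ntop's web port. Port 3000 comes from the configuration above; the chain name NTOP_WEB and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: print iptables commands that limit ntop's web port to an allowlist.
# Port 3000 matches --http-server above; the chain name NTOP_WEB and the sample
# source addresses are constructed for illustration.
NTOP_PORT=3000
CHAIN=NTOP_WEB

# Succeed only for a strict dotted-quad IPv4 address with an optional /0-32 prefix.
valid_cidr() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Reject anything but digits and dots before word-splitting on ".".
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # No leading zeros (some parsers read them as octal), at most 3 digits.
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Validate every source first, then print the rules: allowlisted sources are
# accepted, all other traffic to the ntop port is dropped.
ntop_rules() {
    [ $# -gt 0 ] || { echo "refusing to emit an empty allowlist" >&2; return 1; }
    for src in "$@"; do
        valid_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain into INPUT last, once it is complete.
    echo "iptables -I INPUT -p tcp --dport $NTOP_PORT -j $CHAIN"
}

# Constructed sample allowlist: one admin subnet and one single host.
ntop_rules 192.168.10.0/24 10.0.0.5
```

Review the printed commands before running them as root; nothing is printed if any allowlist entry fails validation, so a typo cannot produce a partial rule set.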