Difference between revisions of "Ntopng"
From HackerNet
Helikopter (talk | contribs) |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | High-Speed Web-based Traffic Analysis and Flow Collection. | |
− | High-Speed Web-based Traffic Analysis and Flow Collection. | ||
− | + | == Installation == | |
+ | 14.04 | ||
wget http://www.nmon.net/apt-stable/14.04/all/apt-ntop.deb && sudo dpkg -i apt-ntop.deb | wget http://www.nmon.net/apt-stable/14.04/all/apt-ntop.deb && sudo dpkg -i apt-ntop.deb | ||
− | sudo apt-get clean all && sudo apt-get update && sudo apt-get -y install ntopng ntopng-data nbox | + | sudo apt-get clean all && sudo apt-get update && sudo apt-get -y install ntopng ntopng-data nbox libzmq3 libhiredis0.10 |
sudo service apache2 restart | sudo service apache2 restart | ||
− | https://<IP | + | 16.04 |
+ | wget http://packages.ntop.org/apt-stable/16.04/all/apt-ntop.deb && sudo dpkg -i apt-ntop.deb | ||
+ | sudo apt-get clean all && sudo apt-get update && sudo apt-get -y install ntopng ntopng-data nbox nprobe | ||
+ | sudo service apache2 restart | ||
+ | |||
+ | ==Konfiguration== | ||
+ | Konfigurationen ligger i '''/etc/ntopng.conf''' men allt kan göras med nbox gui: | ||
+ | https://<IP> | ||
credentials: nbox:nbox<br/> | credentials: nbox:nbox<br/> | ||
ntopng konfas och startas från webgui:t | ntopng konfas och startas från webgui:t | ||
− | === Listener Port | + | == Portspegling == |
+ | Det finns olika sätt att få den speglade trafiken till ntop. | ||
+ | * '''vSwitch:''' Promiscuous mode | ||
+ | * '''dvSwitch:''' Distributed Port Mirroring | ||
+ | * '''Fysisk switch:''' [[Cisco_SPAN|SPAN]]/RSPAN/ERSPAN | ||
+ | |||
+ | Listener Port | ||
echo "auto eth1" | sudo tee -a /etc/network/interfaces | echo "auto eth1" | sudo tee -a /etc/network/interfaces | ||
echo "iface eth1 inet manual" | sudo tee -a /etc/network/interfaces | echo "iface eth1 inet manual" | sudo tee -a /etc/network/interfaces | ||
− | == | + | ==NetFlow== |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
In ntopng flows are collected through nProbe that act as probe/proxy. The communication between nProbe and ntopng happens though ZeroMQ that decouples ntopng from nProbe. | In ntopng flows are collected through nProbe that act as probe/proxy. The communication between nProbe and ntopng happens though ZeroMQ that decouples ntopng from nProbe. | ||
− | OBS nprobe kräver licens | + | OBS nprobe kräver licens, se även [[Cisco_NetFlow|Cisco NetFlow]]. |
sudo nprobe --zmq "tcp://*:5556" -i none [eth0] -n none --collector-port 2055 & | sudo nprobe --zmq "tcp://*:5556" -i none [eth0] -n none --collector-port 2055 & | ||
sudo ntopng -i tcp://127.0.0.1:5556 | sudo ntopng -i tcp://127.0.0.1:5556 | ||
− | + | '''nProbe modes''' | |
[[File:Nprobe.PNG|left|607x607px]] | [[File:Nprobe.PNG|left|607x607px]] | ||
+ | |||
+ | [[Category:Guider]] |
Latest revision as of 13:29, 23 June 2016
High-Speed Web-based Traffic Analysis and Flow Collection.
Installation
14.04
wget http://www.nmon.net/apt-stable/14.04/all/apt-ntop.deb && sudo dpkg -i apt-ntop.deb sudo apt-get clean all && sudo apt-get update && sudo apt-get -y install ntopng ntopng-data nbox libzmq3 libhiredis0.10 sudo service apache2 restart
16.04
wget http://packages.ntop.org/apt-stable/16.04/all/apt-ntop.deb && sudo dpkg -i apt-ntop.deb sudo apt-get clean all && sudo apt-get update && sudo apt-get -y install ntopng ntopng-data nbox nprobe sudo service apache2 restart
Konfiguration
Konfigurationen ligger i /etc/ntopng.conf men allt kan göras med nbox gui:
https://<IP>
credentials: nbox:nbox
ntopng konfas och startas från webgui:t
Portspegling
Det finns olika sätt att få den speglade trafiken till ntop.
- vSwitch: Promiscuous mode
- dvSwitch: Distributed Port Mirroring
- Fysisk switch: SPAN/RSPAN/ERSPAN
Listener Port
echo "auto eth1" | sudo tee -a /etc/network/interfaces echo "iface eth1 inet manual" | sudo tee -a /etc/network/interfaces
NetFlow
In ntopng flows are collected through nProbe that act as probe/proxy. The communication between nProbe and ntopng happens though ZeroMQ that decouples ntopng from nProbe.
OBS nprobe kräver licens, se även Cisco NetFlow.
sudo nprobe --zmq "tcp://*:5556" -i none [eth0] -n none --collector-port 2055 & sudo ntopng -i tcp://127.0.0.1:5556
nProbe modes