I’ve used open-source network flow monitoring software for a long time now. Sflow/Netflow/JFlow applications are a nice way of getting visibility of network throughput at ingress/egress points of your network, as are SPAN/TAP devices which simply listen on a mirror port. NTOP has been around for some years, is a great application for doing this and has recently undergone a lot of development to bring us NTOPNG. It also offers a low-cost alternative to full Layer 7 inspection devices although it doesn’t necessarily have the full detection depth of such commercial products (appliances such as Allot’s NetEnforcer, or Blue Coat’s Packetshaper).

NTOPNG is available as a source package which you can build yourself as well as pre-built binaries (some Linux OSes come with it packaged) all the way up to commercial appliances capable of monitoring flows at very high speeds. For my purposes, I used the source package, with the intention of building a Virtual Machine capable of monitoring the network and have a mirror port on my switch.

My VM settings are pretty basic – 1GB memory, 20GB disk space, and two vNICs. I used Debian as my OS of choice for the VM. A basic install was needed to begin with, with a few extra packages needed later to support the installation of NTOPNG (more on that below). Network adapter 1 is for management, adapter 2 is for packet capturing from the switch mirror port. The mirror port uses a spare physical NIC on the ESX host which is configured in promiscuous mode (e.g. it hears everything).

I won’t go into the basic install of Debian here, however, to build ntopng, you will need the following additional packages from the Debian APT sources repository –

apt-get install rrdtool libxml2 wget curl tcpdump libpcap-dev linux-headers-3.2.0-4-amd64 subversion libxml2-dev libglib2.0-0 libglib2.0-dev redis-server

When the above packages have been installed, you can then move forward with the NTOPNG installation.

First, download the two packages from the NTOP website.

Ntopng-1.1_6932.tgz – NTOPNG main source package
Ntopng-data-1.1_6932.tgz – NTOPNG GEOIP data.

Place the files somewhere accessible on your VM (I use the /root directory). You’ll need to untar the ‘ntopng-1.1_6932.tgz’ file in the normal manner (e.g. ‘tar xzvf ntopng-1.1_6932.tgz’).