Tuesday, November 5, 2013

Installing NTOP NG on CentOS 6.4

With my Linux router in place between my cable modem and safe@office, I'm ready to start playing around with some network IDS/IPS/visualization tools.  The first one I want to try is ntop.

For the most part, I followed this link

NTOP has created a couple of YUM repos that store most of the binaries/etc you will need to run ntop on CentOS.  This makes it pretty easy to install.

Here is what my ntopng config looks like:


-G=/var/tmp/ntopng.gid
-i eth1
--data-dir /var/ntop
--local-networks 192.168.10.0/24,192.168.12.0/24,192.168.252.0/24


In my case, my inside interface is eth1.  Cable can be quite noisy, so I would rather monitor the inside interface than the outside one.  The --local-networks option tells ntop which networks to treat as local; everything else is treated as remote.  Make sure the data-dir is writable by the user that ntop switches to after startup (usually nobody).
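To sanity-check a config like the one above before starting ntopng, here is a small script added as an example (it is not part of the original post or of ntopng). It parses the options, shows which addresses fall inside the local networks, and checks the data-dir permission bits for the unprivileged user; the function names and sample addresses are made up for illustration.

```python
import ipaddress, os, pwd, stat

# The config from this post, embedded so the example runs offline.
SAMPLE_CONF = """\
-G=/var/tmp/ntopng.gid
-i eth1
--data-dir /var/ntop
--local-networks 192.168.10.0/24,192.168.12.0/24,192.168.252.0/24
"""

def parse_conf(text):
    """Return {option: value}; accepts 'opt=value' and 'opt value' lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if "=" in line.split()[0]:
            key, value = line.split("=", 1)
        else:
            key, _, value = line.partition(" ")
        opts[key.strip()] = value.strip().strip('"')
    return opts

def local_networks(opts):
    """Parse the CIDR list; a typo such as host bits set raises ValueError."""
    raw = opts.get("--local-networks", "")
    return [ipaddress.ip_network(n.strip()) for n in raw.split(",") if n.strip()]

def is_local(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)

def dir_writable_by(path, uid, gid):
    """Permission-bit check only: ignores ACLs, supplementary groups, SELinux."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False
    if uid == 0:
        return True
    need = 0o300 if st.st_uid == uid else 0o030 if st.st_gid == gid else 0o003
    return (st.st_mode & need) == need  # creating files needs write + search

if __name__ == "__main__":
    opts = parse_conf(SAMPLE_CONF)
    nets = local_networks(opts)
    for addr in ("192.168.12.40", "192.168.11.7", "8.8.8.8"):  # constructed samples
        print(addr, "local" if is_local(addr, nets) else "remote")
    d, nb = opts["--data-dir"], pwd.getpwnam("nobody")
    if os.path.isdir(d):
        print(d, "writable by nobody:", dir_writable_by(d, nb.pw_uid, nb.pw_gid))
```

Note that 192.168.11.7 comes out as remote: the three /24s are not contiguous, so any inside subnet missing from the list gets counted as remote traffic.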

Other than that, have fun looking at the flows.  I've noticed that ntop is only taking up about 30 MB of RAM.  Nice!