Using ntop in Linux

The ntop utility is like top for networking. Whereas top shows running processes ntop shows network connections. It can run in an interactive mode on the terminal or as a web server in the web mode showing information in a graphical way.

To get started using ntop on Linux you will likely need to install it first. While ntop is available in official repositories of popular distributions like Debian, Ubuntu, CentOS, RHEL etc. chances are you will have some issues with that ntop version because it is no longer being maintained. It has been replaced by ntopng, or ntop next generation, so it is recommended that you install that instead.

To do so you will need to add the appropriate repository for your Linux distribution. Luckily you’ve got all the info you need at the ntop package repository pages. In brief for Debian and Ubuntu based installations see the apt-stable repository, and for RHEL and CentOS based distros use centos-stable. Just follow the clear instructions presented there, which will basically involve just copy-pasting and running a few commands.

After it is installed you should make sure to have the ntopng configuration file in

Installation may ask some questions. The first one is which interfaces you want ntop to listen on. The default in Ubuntu is “none”, but you may want to change this to something like eth0, which is the most common ethernet interface used. Then it may ask for an administrator password, something you can use to log in to ntop’s web interface. After you enter the password twice it will continue installing, and when it’s finished you should already have the ntop service running.

At this point you can already access the ntop web interface, which we’ll get to in a bit, but if you run the ntop command on the terminal there’s a chance you run into an error.