Next-Generation ntopng Network Traffic Monitoring: Visualization and Architecture Analysis

What ntopng can do for me? (http://www.ntop.org/products/ntop/)


  • Sort network traffic according to many protocols
  • Show network traffic and IPv4/v6 active hosts
  • Store on disk persistent traffic statistics in RRD format
  • Geolocate hosts
  • Discover application protocols by leveraging on nDPI, ntop’s DPI framework.
  • Characterise HTTP traffic by leveraging on characterisation services provided by block.si. ntopng comes with a demo characterisation key, but if you need a permanent one, please mail [email protected].
  • Show IP traffic distribution among the various protocols
  • Analyse IP traffic and sort it according to the source/destination
  • Display IP Traffic Subnet matrix (who’s talking to who?)
  • Report IP protocol usage sorted by protocol type
  • Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks) when used together with nProbe.
  • Produce HTML5/AJAX network traffic statistics

Quick installation with Homebrew

yanruideMacBook-Pro:~ yanrui$ ruby -v

ruby 2.0.0p481 (2014-05-08 revision 45883) [universal.x86_64-darwin14]

yanruideMacBook-Pro:~ yanrui$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

==> This script will install:

/usr/local/bin/brew

/usr/local/Library/...

/usr/local/share/man/man1/brew.1

Press RETURN to continue or any other key to abort

==> Downloading and installing Homebrew...

remote: Counting objects: 237423, done.

remote: Compressing objects: 100% (1040/1040), done.

remote: Total 237423 (delta 711), reused 0 (delta 0), pack-reused 236381

Receiving objects: 100% (237423/237423), 32.52 MiB | 1.01 MiB/s, done.

Resolving deltas: 100% (176649/176649), done.

From https://github.com/Homebrew/homebrew

* [new branch]      master     -> origin/master

HEAD is now at 0faf905 Return early for the == case in Version#<=>

==> Installation successful!

==> Next steps

Run `brew doctor` before you install anything

Run `brew help` to get started

yanruideMacBook-Pro:~ yanrui$ brew ?

Error: Unknown command: ?

yanruideMacBook-Pro:~ yanrui$ brew?

-bash: brew?: command not found

yanruideMacBook-Pro:~ yanrui$

yanruideMacBook-Pro:~ yanrui$

yanruideMacBook-Pro:~ yanrui$ brew help

Example usage:

brew [info | home | options ] [FORMULA...]

brew install FORMULA...

brew uninstall FORMULA...

brew search [foo]

brew list [FORMULA...]

brew update

brew upgrade [FORMULA...]

brew pin/unpin [FORMULA...]

Troubleshooting:

brew doctor

brew install -vd FORMULA

brew [--env | config]

Brewing:

brew create [URL [--no-fetch]]

brew edit [FORMULA...]

open https://github.com/Homebrew/homebrew/blob/master/share/doc/homebrew/Formula-Cookbook.md

Further help:

man brew

brew home

yanruideMacBook-Pro:~ yanrui$ brew info

yanruideMacBook-Pro:~ yanrui$ brew update

Updated Homebrew from 0faf9056 to 90abb002.

==> Updated Formulae

libdnet

Brew install ntopng

yanruideMacBook-Pro:~ yanrui$ brew install ntopng

cairo: XQuartz is required to install this formula.

You can install with Homebrew Cask:

brew install Caskroom/cask/xquartz

You can download from:

https://xquartz.macosforge.org

pango: XQuartz is required to install this formula.

You can install with Homebrew Cask:

brew install Caskroom/cask/xquartz

You can download from:

https://xquartz.macosforge.org

Error: Unsatisified requirements failed this build.

yanruideMacBook-Pro:~ yanrui$ brew install Caskroom/cask/xquartz

Cloning into '/usr/local/Library/Taps/caskroom/homebrew-cask'...

remote: Counting objects: 128670, done.

remote: Compressing objects: 100% (12/12), done.

remote: Total 128670 (delta 4), reused 0 (delta 0), pack-reused 128658

Receiving objects: 100% (128670/128670), 37.17 MiB | 6.00 KiB/s, done.

Resolving deltas: 100% (85113/85113), done.

Checking connectivity... done.

Starting the ntopng service

yanruideMacBook-Pro:~ yanrui$ sudo ntopng

19/Mar/2015 11:51:40 [Ntop.cpp:586] Setting local networks to 192.168.1.0/24,0.0.0.0/32,224.0.0.0/8,239.0.0.0/8,255.255.255.255/32,127.0.0.0/8

19/Mar/2015 11:51:40 [Redis.cpp:74] Successfully connected to Redis 127.0.0.1:6379

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface en0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface en0 [id: 0]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface awdl0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface awdl0 [id: 1]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface en1...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface en1 [id: 2]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface en2...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface en2 [id: 3]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface p2p0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface p2p0 [id: 4]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface lo0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface lo0 [id: 5]

19/Mar/2015 11:51:40 [Utils.cpp:251] User changed to nobody

19/Mar/2015 11:51:40 [main.cpp:184] PID stored in file /var/tmp/ntopng.pid

Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNum.dat

19/Mar/2015 11:51:40 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNum.dat

Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat

19/Mar/2015 11:51:40 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat

Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCity.dat

19/Mar/2015 11:51:40 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCity.dat

Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCityv6.dat

19/Mar/2015 11:51:40 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCityv6.dat

19/Mar/2015 11:51:40 [HTTPserver.cpp:351] HTTPS Disabled: missing SSL certificate /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/ssl/ntopng-cert.pem

19/Mar/2015 11:51:40 [HTTPserver.cpp:352] Please read https://svn.ntop.org/svn/ntop/trunk/ntopng/README.SSL if you want to enable SSL.

19/Mar/2015 11:51:40 [HTTPserver.cpp:389] Web server dirs [/usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs][/usr/local/Cellar/ntopng/1.2.1/share/ntopng/scripts]

19/Mar/2015 11:51:40 [HTTPserver.cpp:392] HTTP server listening on port 3000

19/Mar/2015 11:51:40 [main.cpp:232] Working directory: /var/tmp/ntopng

19/Mar/2015 11:51:40 [main.cpp:234] Scripts/HTML pages directory: /usr/local/Cellar/ntopng/1.2.1/share/ntopng

19/Mar/2015 11:51:40 [Ntop.cpp:206] Welcome to ntopng x86_64 v.1.2.1 (r1.2.1) - (C) 1998-14 ntop.org

19/Mar/2015 11:51:40 [PeriodicActivities.cpp:53] Started periodic activities loop...

19/Mar/2015 11:51:40 [RuntimePrefs.cpp:32] Dump alerts into syslog

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface en0 [id: 1]...

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface awdl0 [id: 2]...

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface en1 [id: 3]...

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface en2 [id: 4]...

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface p2p0 [id: 5]...

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface lo0 [id: 6]...
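
The startup log above records several security-relevant facts: the privilege drop ("User changed to nobody"), the "HTTPS Disabled" notice, and the plain-HTTP listener on port 3000. The following is an added example, not part of the original post or of ntopng, that parses this log format and reports those conditions; the function names and severity labels are assumptions of this example.

```python
import re

# Line format seen in the log above: "DD/Mon/YYYY HH:MM:SS [File.cpp:line] message"
LINE_RE = re.compile(r"^\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2} \[([\w.]+):(\d+)\] (.*)$")

# Excerpt of the startup log shown above, embedded so the example runs offline.
SAMPLE_LOG = """\
19/Mar/2015 11:51:40 [Redis.cpp:74] Successfully connected to Redis 127.0.0.1:6379
19/Mar/2015 11:51:40 [Utils.cpp:251] User changed to nobody
Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
19/Mar/2015 11:51:40 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
19/Mar/2015 11:51:40 [HTTPserver.cpp:351] HTTPS Disabled: missing SSL certificate /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/ssl/ntopng-cert.pem
19/Mar/2015 11:51:40 [HTTPserver.cpp:392] HTTP server listening on port 3000
"""

def parse(log_text):
    """Yield (source_file, message) per timestamped line; bare stderr lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(3)

def audit_startup(log_text):
    """Return (severity, finding) tuples; the severity labels are this example's own."""
    findings, port, tls_off, dropped_to = [], None, False, None
    for _src, msg in parse(log_text):
        if m := re.match(r"HTTPS Disabled: missing SSL certificate (\S+)", msg):
            tls_off = True
            findings.append(("high", f"HTTPS disabled, certificate missing: {m.group(1)}"))
        elif m := re.match(r"HTTP server listening on port (\d+)", msg):
            port = int(m.group(1))
        elif m := re.match(r"User changed to (\S+)", msg):
            dropped_to = m.group(1)
        elif m := re.match(r"Successfully connected to Redis (\S+):(\d+)", msg):
            if m.group(1) not in ("127.0.0.1", "localhost", "::1"):
                findings.append(("medium", f"Redis on non-loopback host {m.group(1)}"))
        elif msg.startswith("WARNING: Unable to read GeoIP database"):
            findings.append(("info", "GeoIP database unreadable: " + msg.rsplit("/", 1)[-1]))
    if port is not None and tls_off:
        findings.append(("high", f"web UI reachable over plain HTTP on port {port}"))
    if dropped_to in (None, "root"):
        findings.append(("high", "no privilege drop after opening capture interfaces"))
    return findings

if __name__ == "__main__":
    for severity, text in audit_startup(SAMPLE_LOG):
        print(f"[{severity}] {text}")
```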

ntopng dependencies

yanruideMacBook-Pro:Cellar yanrui$ pwd

/usr/local/Cellar

yanruideMacBook-Pro:Cellar yanrui$ ls -lrt

total 0

drwxr-xr-x  3 yanrui  admin  102  3 18 15:58 brew-cask

drwxr-xr-x  3 yanrui  admin  102  3 18 16:13 readline

drwxr-xr-x  3 yanrui  admin  102  3 18 16:13 sqlite

drwxr-xr-x  3 yanrui  admin  102  3 18 16:13 gdbm

drwxr-xr-x  3 yanrui  admin  102  3 18 16:14 openssl

drwxr-xr-x  3 yanrui  admin  102  3 18 16:15 python

drwxr-xr-x  3 yanrui  admin  102  3 18 16:15 autoconf

drwxr-xr-x  3 yanrui  admin  102  3 18 16:16 automake

drwxr-xr-x  3 yanrui  admin  102  3 18 16:16 pkg-config

drwxr-xr-x  3 yanrui  admin  102  3 18 16:16 libtool

drwxr-xr-x  3 yanrui  admin  102  3 18 16:16 gettext

drwxr-xr-x  3 yanrui  admin  102  3 18 16:17 libffi

drwxr-xr-x  3 yanrui  admin  102  3 18 16:17 glib

drwxr-xr-x  3 yanrui  admin  102  3 18 16:17 gobject-introspection

drwxr-xr-x  3 yanrui  admin  102  3 18 16:18 json-glib

drwxr-xr-x  3 yanrui  admin  102  3 18 16:18 wget

drwxr-xr-x  3 yanrui  admin  102  3 18 16:18 zeromq

drwxr-xr-x  3 yanrui  admin  102  3 18 16:18 libtasn1

drwxr-xr-x  3 yanrui  admin  102  3 18 16:19 gmp

drwxr-xr-x  3 yanrui  admin  102  3 18 16:19 nettle

drwxr-xr-x  3 yanrui  admin  102  3 18 16:19 gnutls

drwxr-xr-x  3 yanrui  admin  102  3 18 16:19 json-c

drwxr-xr-x  3 yanrui  admin  102  3 18 16:20 libpng

drwxr-xr-x  3 yanrui  admin  102  3 18 16:20 freetype

drwxr-xr-x  3 yanrui  admin  102  3 18 16:20 fontconfig

drwxr-xr-x  3 yanrui  admin  102  3 18 16:23 pixman

drwxr-xr-x  3 yanrui  admin  102  3 18 16:24 cairo

drwxr-xr-x  3 yanrui  admin  102  3 18 16:30 icu4c

drwxr-xr-x  3 yanrui  admin  102  3 18 16:31 harfbuzz

drwxr-xr-x  3 yanrui  admin  102  3 18 16:31 pango

drwxr-xr-x  3 yanrui  admin  102  3 18 16:31 rrdtool

drwxr-xr-x  3 yanrui  admin  102  3 18 16:32 luajit

drwxr-xr-x  3 yanrui  admin  102  3 18 16:32 geoip

drwxr-xr-x  3 yanrui  admin  102  3 18 16:33 redis

drwxr-xr-x  3 yanrui  admin  102  3 18 16:34 ntopng

Time: 2024-10-06 06:45:08
