A Computer Network Defense Company

Developing ideas with the strength & courage to defend.

• Site Navigation

  • Lomin Security
  • Blog
  • SIM CD
  • Services
  • Job Opportunities
  • Online Store
  • Contact Us

• Email Subscription

  Name
  
  Email*
  
  

  Emails managed with Mad Mimi

• Ntop 3.310 and FreeBSD 8.0

  By: jminto

  1 comment

  A A

  Ntop is a very useful tool for reviewing traffic on your network. Remembering what was surfed the night before, or guessing what somebody else did is not a sure fire way to get answers. Ntop provides that insight with certainty using graphs and tables. It also generates alerts when it discovers aberrant behavior. That sounds great, but how is it setup?

  The first choice should be to run ntop on Linux. ntop is very well supported on most if not all of the Linux platforms. However, not everyone likes to run Linux. OpenBSD is great, but only ntop version 1.1 is supported. The latest version of 3.310 is available on Free BSD 8.0. It is not perfect, but usable.
  Details appear later in this article. Follow these steps to get quickly started:

  adduser ntop
chown -R ntop /var/db/ntop
echo ntop_enable=”YES” >> /etc/rc.conf
echo ntop_flags=””-d –use-syslog=daemon –u ntop”” >> /etc/rc.conf
cd /usr/local/share/GeoIP
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
gzip –d *.gz
ln –s /usr/local/share/GeoIP/GeoIPASNum.dat /usr/local/etc/ntop/
ln –s /usr/local/share/GeoIP/GeoLiteCity.dat /usr/local/etc/ntop/
cd /tmp
wget http://prdownloads.sourceforge.net/ettercap/ettercap-0.6.b.tar.gz?download
tar xzvf ./ettercap-0.6.b.tar.gz ./ettercap-0.6.b/etter.passive.os.fp
mv ettercap-0.6.b/etter.passive.os.fp /usr/local/etc/ntop/etter.finger.os
wget -r -l2 -Nc -A.pat http://l7-filter.sourceforge.net/layer7-protocols/
mv l7-filter.sourceforge.net/layer7-protocols /usr/local/etc/ntop/l7-patterns

  Signup for the Lomin Security MailList to receive exclusive Network Defense content and more information about ntop and BSD.   Name Email* Emails managed with Mad Mimi

  edit /usr/local/etc/rc.d/ntop and add change directories before ntop is started:

  cd /usr/local/etc/ntop

  Review /var/log/messages for errors after all of this has been completed.

  Start and stop ntop with the following command:

  /usr/local/etc/rc.d/ntop [start | stop | restart]

  References

  NTOP Bandwidth Monitoring on Ubuntu 8.04

  NTOP FAQ

  Network Monitoring With ntop:  Installation and Configuration

  Related posts:

  1. OpenBSD dos2unix

  CNO

  BSD, DOS, file conversion, FreeBSD, ntop, System Administration, windows

   

  Comments
  • Comments (1)
  • Trackbacks (0)
  • rss
  • Leave a comment
  • 

    jminto

    March 12th, 2010 at 14:33

    Return to top

    Truetype fonts for Local Network Traffic Map

    You may experience problems with the Local Network Traffic Map lide this:

    Command was:

    /usr/local/bin/dot -Tpng -Goverlap=false /var/db/ntop/ntop.dot -o /var/db/ntop/network_map.png 2>&1

    Results were:

    Error: Could not find/open font

    This is remedied by installing the true type fonts on your operating system. That sounds easy, but isn’t. The fonts used to be available for download from Microsoft, but now you have to download it from different other sites:

    http://web.nickshanks.com/fonts/microsoft-core-web-fonts

    Extract the fonts from the archive and install it in the /usr/local/lib/X11/fonts/TrueType directory.
  No Trackbacks yet

  Leave a Reply

  Click here to cancel reply.

  Name (required)

  Mail (will not be published) (required)

  Website

  CAPTCHA Code

  

  

  

© Copyright 2005-2010 Lomin LLC. All rights reserved. Privacy Policy. Disclaimer.