Some time ago I published a post introducing ntopng as an out-of-the-box network monitoring tool. I am running it on a Knoppix live Linux notebook with two network cards. However, I have a few customers that wanted a persistent installation of ntopng in theirĀ environment. So this is a step-by-step tutorial on how to install ntopng on a Ubuntu server with at least two NICs.
Some time ago I installed a new firewall at the customer’s site. Meanwhile, the customer was interested in the flows that are traversing through the firewall right now. Oh. Good question. Of course, it is easy to filter through log messages of firewalls, but theses logs are only for finished sessions. Yes, there are “session browsers” or the like on all firewalls, but they are not nice and handy to analyze the sessions in real time.
The solution was to bring a network analyzer on a mirror port near the firewall. I decided to use ntopng running on the live Linux distribution Knoppix. Great choice! An old notebook with two network adapters fits perfectly. A handful of commands and you’re done: