
Running ntop in Linux VServer

Monitoring and analysing network traffic is important for various reasons. On our Linux VServer setup, we have a dedicated Guest running ntop on each machine. This guide is for Debian.

  1. Create a Guest.
  2. The following system capabilities are required for ntop (insert in /etc/vservers/GuestName/bcapabilities)
    • NET_BROADCAST
    • NET_ADMIN
    • NET_RAW
  3. Start and Enter the Guest!
    • vserver ntop start && vserver ntop enter
  4. Install ntop and graphviz
    • apt-get install ntop graphviz
  5. Set the ntop admin password
    • ntop --set-admin-password
  6. Start ntop
    • /etc/init.d/ntop start
  7. Browse to http://ip.address:3000
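
A least-privilege check for step 2, as an added example that is not part of the original guide: it compares a Guest's bcapabilities file with the three capabilities listed above and reports anything missing or extra. It assumes one capability name per line, with or without a CAP_ prefix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Linux VServer bcapabilities file for the ntop Guest.
# Assumption: one capability name per line, with or without a CAP_ prefix.

REQUIRED="NET_BROADCAST NET_ADMIN NET_RAW"   # the three capabilities from step 2

# normalize_caps FILE: print capability names one per line, upper-cased, with
# surrounding whitespace and any CAP_ prefix removed, blank lines dropped.
normalize_caps() {
    tr -d '\r' < "$1" \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | tr '[:lower:]' '[:upper:]' \
        | sed -e 's/^CAP_//' -e '/^$/d' \
        | sort -u
}

# audit_bcaps FILE: print "missing:NAME" for each required capability that is
# absent and "extra:NAME" for each granted capability ntop does not need.
# Returns 0 when the file grants exactly the required set, 1 when it does not,
# and 2 when the file cannot be read.
audit_bcaps() {
    file=$1
    [ -r "$file" ] || { echo "unreadable:$file"; return 2; }
    granted=$(normalize_caps "$file")
    result=0
    for cap in $REQUIRED; do
        if ! printf '%s\n' "$granted" | grep -qx "$cap"; then
            echo "missing:$cap"; result=1
        fi
    done
    for cap in $granted; do
        case " $REQUIRED " in
            *" $cap "*) ;;                        # needed by ntop
            *) echo "extra:$cap"; result=1 ;;     # not needed: review before keeping
        esac
    done
    return $result
}

# Audit the file given on the command line, e.g.
#   sh audit_bcaps.sh /etc/vservers/GuestName/bcapabilities
if [ "$#" -gt 0 ]; then
    audit_bcaps "$1"
fi
```

Run it on the Host, not inside the Guest, since the bcapabilities file lives under /etc/vservers on the Host.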

This is just the basics to get it running. You may need to modify the following files according to your needs.

/var/lib/ntop/init.cfg

USER="ntop"
INTERFACES="eth0"

Change INTERFACES to match the network device that you are monitoring.

/etc/default/ntop

What’s important is GETOPT. It allows you to set different options for ntop! Here’s a sample of some of the key options:

  • -o ensures that each Guest installed on the Host is tracked by its IP.
  • -W <address>:<port> sets the listening address and port number for an SSL connection. Use lowercase -w for a standard HTTP connection.
  • -4 to monitor only IPv4.

Refer to the manual for other useful options.

ntop is pretty powerful thanks to the way it captures packets and analyses them. Use it wisely. ;)