Analyze Network Traffic with Ntop

Essential Open Source Network Administration Tools


1. Introduction
1.1. Document conventions
2. Install Ntop
2.1. Install MacPorts
2.2. Designate an Ntop user
2.3. Install Ntop
3. Start Ntop
4. Use Ntop
4.1. Go to the Ntop web page
4.2. Reset the Admin password
5. Support Information

1. Introduction

Network top (Ntop) is a hybrid packet analyzer that displays the top network hosts and protocols, similar to how the Unix top command displays the top CPU processes. Simple Network Management Protocol (SNMP) monitoring applications such as NRG provide a device-centric view of a network or multiple networks based on device metrics defined by their manufacturers, whereas Ntop processes raw network packets directly off the wire to provide an aggregate view of the hosts and protocols on a single network. I'll show you how to install and run Ntop; you may refer to the FAQ or documentation for detailed information about its operation.

1.1. Document conventions

Here are the conventions used to distinguish Unix terminal window input and output.

%% Commands to be typed into a terminal window.
Command output to a terminal window.
File text.

2. Install Ntop

This section covers installing Ntop and the general support software it requires.

2.1. Install MacPorts

You may install the MacPorts package manager and its prerequisites with these instructions, which include XWindows (X11) installation instructions. Don't forget to run MacPorts' "sudo port selfupdate" command before continuing.

2.2. Designate an Ntop user

You may use a current user or create a new one. This is the user you'll use to run the Ntop application.

2.3. Install Ntop

Run this MacPorts command to install Ntop.

%% sudo port install ntop +server

These are the MacPorts Ntop file locations.

/opt/local/bin         – ntop executable
/opt/local/etc/ntop    – ntop.conf file

Now chown the Ntop files to the Ntop user.

%% sudo chown -L -R <ntop-user>:<ntop-user> /opt/local/var/ntop

Set an Ntop admin password, which is necessary to run Ntop. Enter a password when prompted.

%% sudo ntop -P /opt/local/var/ntop -u ntop -A

You may also want to check the /opt/local/etc/ntop/ntop.conf file to see if you'd like to customize any information.

3. Start Ntop

After you've set an Ntop admin password and checked the ntop.conf file, you may run Ntop with this command. Ntop must start with root privileges, but for security it gives them up once it has started.

%% sudo ntop @/opt/local/etc/ntop/ntop.conf -d

Check for a running Ntop process.

%% ps -ax |grep ntop

If the process is running, you'll see a line similar to this.

431 std- S      0:05.80 ntop -P /opt/local/bin/ntop -u ntop

If you wish to run Ntop at system boot, load the launchd item that was installed with the +server variant.

%% sudo launchctl load -w /Library/LaunchDaemons/org.macports.ntop.plist
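
A post-start check for the steps above, added here as an example and not part of the original guide or of Ntop itself: it confirms that no ntop process is still owned by root and that everything under the data directory belongs to the Ntop user. The default user name "ntop", the --run switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original guide or the ntop project.
# Assumptions: NTOP_USER and NTOP_DIR below; adjust to your install.
NTOP_USER="${NTOP_USER:-ntop}"
NTOP_DIR="${NTOP_DIR:-/opt/local/var/ntop}"

# Reads "PID USER COMMAND..." lines on stdin (the output format of
# `ps -axo pid=,user=,command=`) and prints the PID of each process
# whose executable is ntop and whose owner is still root.
# Matching on the executable's basename skips `sudo ntop` and `grep ntop`.
ntop_root_pids() {
    awk '{
        n = split($3, parts, "/")
        if (parts[n] == "ntop" && $2 == "root") print $1
    }'
}

# Prints each path under directory $1 that is not owned by user $2
# (name or numeric uid) or that is world-writable. -L follows symlinks,
# matching the `chown -L -R` step; broken links are not mode-checked.
ntop_bad_paths() {
    find -L "$1" \( ! -user "$2" -o \( ! -type l -perm -002 \) \) -print 2>/dev/null
}

# Live check; run as root so the data directory is readable.
if [ "${1:-}" = "--run" ]; then
    [ -d "$NTOP_DIR" ] || { echo "missing directory: $NTOP_DIR"; exit 1; }
    roots=$(ps -axo pid=,user=,command= | ntop_root_pids)
    bad=$(ntop_bad_paths "$NTOP_DIR" "$NTOP_USER")
    [ -z "$roots" ] || echo "ntop still running as root, PID(s):" $roots
    [ -z "$bad" ] || printf 'wrong owner or world-writable:\n%s\n' "$bad"
    if [ -n "$roots$bad" ]; then exit 1; fi
    echo "OK: no root-owned ntop process; $NTOP_DIR is owned by $NTOP_USER"
fi
```

Save it to a file and run that file with sudo and the --run argument a few seconds after starting Ntop, so the privilege drop has had time to happen.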

4. Use Ntop

Once the Ntop process is running, you may use its web interface to see the results of the data capture. Ntop generates its own web pages independent of Apache, so you may run the Apache web server simultaneously with Ntop.

4.1. Go to the Ntop web page

Start a web browser and go to http://localhost:3000 to access the Ntop web interface.

4.2. Reset the Admin password

If you forget your Ntop admin password, remove the current password and reset it with these commands.

%% sudo rm /opt/local/var/ntop/ntop_pw.db
%% sudo ntop -P /opt/local/var/ntop -u ntop -A

5. Support Information

To get more information on Ntop, you may check the FAQ and documentation. For further support you may use the Ntop mailing list.