ntopng™
High-Speed Web-based Traffic Analysis and Flow Collection
User Guide
Version 2.5
January 2017
© 2002-17

Index

Preface
What is ntopng
How to start ntopng
    The ntopng Configuration File
    Running ntopng as a Daemon
        Daemon Configuration File
        Automatic Daemon Startup on Boot
        Daemon Control
    Running ntopng on Windows
        Specify Monitored Interfaces
        Execution as a Windows Service
Command Line Options
The ntopng Web GUI
    Home Menu
        About ntopng
        ntop Blog
        Report an Issue
        Dashboard
    Dashboard
        Dashboard in the Community Version
        Dashboard in the Professional Version
    Report
    Flows
        Application
        Layer-4 Protocol (L4 Proto)
        Client
        Server
        Duration
        Breakdown
        Actual Throughput
        Total Bytes
        Info
    Hosts
        All Hosts
        Host Pools
        Networks
        Autonomous Systems
        Countries
        Operating Systems
        HTTP Servers (Local)
        Top Hosts (Local)
        Geo Map
        Tree Map
        Local Flow Matrix
    Host Details
        Home
        Traffic
        Packets
        Ports
        Peers
        Protocols
        DNS
        HTTP
        Flows
        SNMP
        Talkers
        Geography
        Similarity
        Alerts Configuration
        Statistics
    Interfaces
        Home
        Packets
        Protocols
        Statistics
        Traffic Profiles (Professional Version)
        Host Pools
        Packet Dump
    Settings
        Manage Users
        Preferences
        Export Data
    Administration
    Alerts
    Host Search
Advanced ntopng Features
    Physical Interfaces Aggregation: Interface Views
    Traffic Profiles
        Realtime Profiles
        Historical Profiles Statistics
    Bridging and Traffic Policing
        2+1 Bridging Mode
        1+1 Bridging Mode
        The Bridge Details Page
        Traffic Policing
        Captive Portal
    Flows Dump
        MySQL
        ElasticSearch
    Additional ntopng Features

Preface

By reading this book, you will learn how to install ntopng, how to use the basic elements of the graphical user interface (such as menu bars) and what’s behind some of the cool features that are not always obvious at first sight. It will hopefully guide you around some common problems that frequently appear for new (and sometimes even advanced) users of ntopng.
What is ntopng

Ntopng is a passive network monitoring tool focused on flows and statistics that can be obtained from the traffic captured by the server.

How to start ntopng

Ntopng can be started from the command line of your favorite Linux, Unix or Windows system. On Windows, the Services control panel is also supported. When starting ntopng, its behavior can be modified by customizing one or more of the optional settings, either by passing them on the command line or by grouping them in a configuration file and starting ntopng with that file.

    ntopng <configuration file path>
    ntopng <command line options>

Section "Command Line Options" of this guide discusses every available option.

The ntopng Configuration File

Command line options can be grouped in a plain text file, typically named ntopng.conf. Any name is acceptable, except when ntopng is run as a daemon, in which case the file name ntopng.conf must be used.

Options in the configuration file must be given one per line. Comment lines are accepted as well and have to be prefixed with the '#' sign. Option name and option value must be separated by the '=' sign. The '=' sign is necessary even for options that don't require a value. For example, to disable interface promiscuous mode, one would use --no-promisc when starting ntopng directly from the command line, or would add a line --no-promisc= in the configuration file when starting ntopng as a daemon.

An example of a configuration file is the following:

    $ cat /etc/ntopng/ntopng.conf
    -G=/var/tmp/ntopng.pid
    --daemon=
    # Listen on localhost:3000 only
    --http-port=:3000
    # Use prefix due to nginx proxy
    --http-prefix="/ntopng"
    # Everybody's admin
    #--disable-login=1
    # Do not resolve any names
    --dns-mode=3
    # Limit memory usage
    --max-num-flows=200000
    --max-num-hosts=250000
    --sticky-hosts=none
    # Dump flows to MySQL
    --dump-flows=mysql;localhost;ntopng;flows;ntopng;xxx
    #--verbose
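The file format rules above, together with three settings from the example file that matter for exposure (login disabled, web port without the ':' loopback prefix, MySQL password inside the file), can be checked before the daemon is started. The following is an added example, not part of the original guide or of ntopng; the function names, the finding texts and the sample input are constructed for illustration, and only the long option names used in the guide's example are checked.

```python
import os
import stat

# Constructed sample (not from the guide): its example file with three edits.
SAMPLE = """\
-G=/var/tmp/ntopng.pid
--daemon=
--no-promisc
--http-port=3000
--disable-login=1
# --verbose
--dump-flows=mysql;localhost;ntopng;flows;ntopng;xxx
"""

def parse_conf(text):
    """Parse ntopng.conf text into (options, errors) using the guide's rules."""
    options, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # '#' comments per the guide; skipping blanks is assumed
        name, sep, value = line.partition("=")
        if not name.startswith("-"):
            errors.append((lineno, "not an option: " + line))
        elif not sep:
            # '=' is mandatory even for options that take no value
            errors.append((lineno, "missing '=' after " + name))
        else:
            options[name.strip()] = value.strip().strip('"')
    return options, errors

def audit(options, mode):
    """Flag risky settings; mode is the permission bits of the config file."""
    findings = []
    if options.get("--disable-login") == "1":
        findings.append("login disabled: every web client is admin")
    port = options.get("--http-port", "")
    if port and not port.startswith(":"):
        findings.append("web GUI port lacks the ':' loopback-only prefix")
    # Field layout taken from the guide's example: the sixth field is the password
    fields = options.get("--dump-flows", "").split(";")
    has_password = fields[0] == "mysql" and len(fields) >= 6 and fields[5]
    if has_password and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("MySQL password in a group/world-readable file")
    return findings

def audit_file(path):
    """Audit a file on disk, e.g. /etc/ntopng/ntopng.conf."""
    with open(path) as fh:
        options, errors = parse_conf(fh.read())
    return errors, audit(options, stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    opts, errs = parse_conf(SAMPLE)
    print(errs)
    print(audit(opts, 0o644))
```

With the guide's own example file and mode 0600 the audit returns no findings; the same file at mode 0644 is reported because of the password in --dump-flows.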
Running ntopng as a Daemon

Ntopng can be run in daemon mode on Unix systems and can optionally be started automatically on system startup. Daemon execution and status are controlled using the script

    /etc/init.d/ntopng

The script is installed automatically on Unix systems as part of any standard ntopng installation procedure.

Daemon Configuration File

The ntopng configuration file is required when running ntopng as a daemon. The configuration file has to be named ntopng.conf and must be placed under

    /etc/ntopng/

An example of a configuration file is given above.

Automatic Daemon Startup on Boot

To launch the ntopng daemon automatically on system startup, an empty file ntopng.start must be created in the same directory as the configuration file. The directory will therefore contain both the configuration and the startup files:

    root@devel:/etc/ntopng# ls -lha
    total 28K
    drwxr-xr-x   2 root root 4.0K Mar 17 15:44 .
    drwxr-xr-x 117 root root  12K Mar 11 12:16 ..
    -rw-r--r--   1 root root  211 Mar 15 17:54 ntopng.conf
    -rw-r--r--   1 root root    0 Mar 17 15:44 ntopng.start

Daemon Control

The ntopng daemon is controlled with the script /etc/init.d/ntopng. The script accepts different options. Calling the script without options yields the following brief help:

    deri@devel 204> sudo /etc/init.d/ntopng
    Usage: /etc/init.d/ntopng {start|force-start|stop|restart|status}

The options and the usage of the daemon control script are discussed below.

start
This option is used to start the ntopng daemon:

    deri@devel 204> /etc/init.d/ntopng start
     * Starting ntopng
     ...done.

force-start
Equivalent to start.

stop
This option is used to stop an ntopng daemon instance. For example:

    deri@devel 204> /etc/init.d/ntopng stop
     * Stopping ntopng
     ...done.

restart
This option causes the restart of a daemon associated to a given interface, e.g.,

    deri@devel 204> /etc/init.d/ntopng restart
     * Stopping ntopng
     * Starting ntopng
     ...done.
status
This option prints the status of a daemon associated to a given interface, e.g.,

    deri@devel 204> /etc/init.d/ntopng status
    ntopng running as 5623

Running ntopng on Windows

Ntopng can be run either as a service or as an application (i.e., you can start it from cmd.exe). The ntopng installer registers the service and automatically starts it as shown below.

[Figure: The Windows Services Manager]

In order to interact with ntopng from the command line, open a Windows Command Prompt and navigate to the ntopng installation directory. You may need to run the command prompt with Administrator privileges. Commands are issued after a /c that stands for "console". For example, to display the inline help it suffices to run

    ntopng /c -h

Specify Monitored Interfaces

As network interfaces on Windows can have long names, a numeric index is associated to each interface in order to ease the ntopng configuration. The association between interface name and index is shown in the inline help.

    c:\Program Files\ntopng>ntopng /c -h
    Starting ntopg
    Running ntopng.
    ntopng x64 v.2.3.160306 - (C) 1998-15 ntop.org
    […]
    Available interfaces (-i <interface index>):
    1. Intel(R) PRO/1000 MT Desktop Adapter
       {8EDDEFE3-D6DB-4F9B-9EDF-FBC0BFF67F3C}
    […]

In the above example the network adapter Intel(R) PRO/1000 MT Desktop is associated with index 1. To select this adapter, ntopng needs to be started with the -i 1 option.

Execution as a Windows Service

Windows services are started and stopped using the Services application, part of the Windows administrative tools. When ntopng is used as a service, command line options need to be specified at service registration and can be modified only by removing and re-adding the service. The ntopng installer registers ntopng as a service with the default options. The default registered service options can be changed using these commands:

    ntopng /r                         Remove the service
    ntopng /i <new set of options>    Install the service with the specified options.
[Figure: The Windows Command Prompt]

In a Command Prompt:

    c:\Program Files\ntopng>ntopng /r
    ntopng removed.
    c:\Program Files\ntopng>ntopng /i -i 1
    ntopng installed.
    NOTE: the default password for the 'admin' user has been set to 'admin'.
    c:\Program Files\ntopng>

Command Line Options

Ntopng supports a large number of command line parameters. To see what they are, simply enter the command ntopng -h and the help information should be printed:

    $ ./ntopng --help
    Usage:
      ntopng <configuration file path>
      or
      ntopng <command line options>

    Options:
    [--dns-mode|-n] <mode>    | DNS address resolution mode
                              | 0 - Decode DNS responses and resolve
                              |     local numeric IPs only (default)
                              | 1 - Decode DNS