NTop Memo

I installed ntop (network top) a little while ago, and even though I had done it once before, I remembered embarrassingly little of it, so here is a memo.

NTop Setup

  • install (debian)
  • Set the admin password (passing `--set-admin-password` without `=password` makes ntop prompt for it interactively, which keeps the password out of shell history)
# /etc/init.d/ntop --set-admin-password
Wed Jun  9 21:18:52 2010  NOTE: Interface merge enabled by default
Wed Jun  9 21:18:52 2010  Initializing gdbm databases
NOTE: --set-admin-password requested, no password.  Did you forget the =?

ntop startup - waiting for user response!

Please enter the password for the admin user:
Please enter the password again:
Wed Jun  9 21:18:59 2010  Admin user password has been set
  • Start
# /etc/init.d/ntop start
  • Check
# ps ax | grep ntop
30114 ?        S<sl   0:00 /usr/sbin/ntop -d -L -u ntop -P /var/lib/ntop --access-log-file /var/log/ntop/access.log -i eth0 -p /etc/ntop/protocol.list -O /var/log/ntop
30129 pts/1    S<+    0:00 grep ntop
# netstat -anp | grep ntop
tcp        0      0  *               LISTEN      30114/ntop
  • Once it is up, the Web UI is listening on tcp/3000, so from here on it is operated from a browser. Nothing in the start line above restricts which addresses can reach it, so firewall tcp/3000 unless the host sits on a trusted management network.
  • NetFlow configuration
    [Edit NetFlow Device]
      Flow Collection
        Local Collector UDP Port : 2055 (default)
        Virtual NetFlow Interface Network Address
  • It now receives NetFlow packets on udp/2055. Check. (NetFlow v5 is plain, unauthenticated UDP, so a host firewall rule that accepts udp/2055 only from the router's export source address is worth adding.)
# netstat -anp | grep ntop
tcp        0      0  *               LISTEN      30489/ntop
udp        0      0  *                           30489/ntop

Cisco 1812J Netflow Setup

Cisco's "Cisco NetFlowの設定:: ユーザガイド" (Configuring Cisco NetFlow :: User Guide) covers this compactly and is easy to follow.

  • Configuration
ip cef

interface FastEthernet1
 ip route-cache flow
 ip flow ingress
 ip flow egress

ip flow-cache timeout active 1
ip flow-export source FastEthernet1
ip flow-export version 5
ip flow-export destination <server_ip> 2055
  • Verify
Router#sh ip flow export
Flow export v5 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1) (FastEthernet1)
    Destination(1)  <server_ip> (2055)
  Version 5 flow records
  533461 flows exported in 41872 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
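The router above exports "Version 5 flow records" in UDP datagrams, and ntop's Local Collector on udp/2055 decodes them. The following is an added example, not code from this memo, from ntop or from Cisco: it decodes a v5 datagram the way a collector must (checking version, record count and total length before trusting anything), optionally accepts datagrams only from known exporter addresses (the only spoofing defence v5 allows, since it carries no authentication), and aggregates bytes per source host, which is the kind of view ntop builds from these records. The sample datagram is constructed inline by `build_v5_datagram()`; its addresses, ifIndex values, uptime and sequence number are made up, and `collect()` is a stand-in for ntop's collector, not ntop's own code.

```python
"""NetFlow v5 decoder for what the router sends to ntop's udp/2055.

Added example: not code from this memo, from ntop or from Cisco. The sample
datagram is fabricated by build_v5_datagram(); its addresses, ifIndex values,
uptime and sequence number are made up.
"""
import socket
import struct
from ipaddress import IPv4Address

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes
V5_MAX_RECORDS = 30                                    # IOS packs at most 30 per datagram
HEADER_FIELDS = ("version", "count", "sys_uptime", "unix_secs", "unix_nsecs",
                 "flow_sequence", "engine_type", "engine_id", "sampling_interval")
RECORD_FIELDS = ("srcaddr", "dstaddr", "nexthop", "input", "output", "dpkts",
                 "doctets", "first", "last", "srcport", "dstport", "pad1",
                 "tcp_flags", "prot", "tos", "src_as", "dst_as",
                 "src_mask", "dst_mask", "pad2")


def parse_v5(data):
    """Decode one v5 datagram into (header dict, list of record dicts).

    Raises ValueError on anything malformed: v5 has no authentication, so a
    collector on an open UDP port must validate before trusting the count.
    """
    if len(data) < V5_HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    header = dict(zip(HEADER_FIELDS, V5_HEADER.unpack_from(data, 0)))
    if header["version"] != 5:
        raise ValueError("not NetFlow v5 (version=%d)" % header["version"])
    count = header["count"]
    if not 1 <= count <= V5_MAX_RECORDS:
        raise ValueError("bad record count %d" % count)
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(data) != expected:
        raise ValueError("length %d != %d for %d records" % (len(data), expected, count))
    records = []
    for i in range(count):
        fields = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        rec = dict(zip(RECORD_FIELDS, fields))
        for key in ("srcaddr", "dstaddr", "nexthop"):
            rec[key] = str(IPv4Address(rec[key]))  # packed 4 bytes -> dotted quad
        records.append(rec)
    return header, records


def bytes_by_source(records):
    """Octets per source address, largest first (one of the views ntop builds)."""
    totals = {}
    for rec in records:
        totals[rec["srcaddr"]] = totals.get(rec["srcaddr"], 0) + rec["doctets"]
    return sorted(totals.items(), key=lambda kv: -kv[1])


def build_v5_datagram(flows, sequence=0, uptime_ms=100000, unix_secs=1276085932):
    """Fabricate a v5 datagram from (src, dst, proto, sport, dport, pkts, octets)
    tuples; test input only, a real collector never builds these."""
    body = b""
    for src, dst, proto, sport, dport, pkts, octets in flows:
        body += V5_RECORD.pack(
            IPv4Address(src).packed, IPv4Address(dst).packed, b"\0\0\0\0",
            1, 2,                          # input/output ifIndex (made up)
            pkts, octets,
            uptime_ms - 5000, uptime_ms,   # first/last seen, ms of sysUptime
            sport, dport, 0,
            0x18 if proto == 6 else 0,     # PSH|ACK on the TCP flows
            proto, 0, 0, 0, 24, 24, 0)
    header = V5_HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0, sequence, 0, 0, 0)
    return header + body


# Constructed sample: both halves of a TLS session plus one DNS query.
SAMPLE_FLOWS = [
    ("192.168.1.10", "10.0.0.5", 6, 51234, 443, 12, 4800),
    ("10.0.0.5", "192.168.1.10", 6, 443, 51234, 10, 15200),
    ("192.168.1.10", "10.0.0.53", 17, 40000, 53, 1, 74),
]


def collect(port=2055, exporters=None):
    """Listen like ntop's Local Collector and print each decoded datagram.
    exporters: set of router addresses to accept; dropping everything else is
    the only spoofing defence v5 allows. Stop ntop first, both cannot bind 2055."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (peer, _) = sock.recvfrom(65535)
        if exporters and peer not in exporters:
            print("drop: unexpected exporter %s" % peer)
            continue
        try:
            header, records = parse_v5(data)
        except ValueError as err:
            print("drop from %s: %s" % (peer, err))
            continue
        print("%s seq=%d records=%d" % (peer, header["flow_sequence"], len(records)))
        for r in records:
            print("  %s:%d -> %s:%d proto=%d bytes=%d" % (r["srcaddr"], r["srcport"],
                  r["dstaddr"], r["dstport"], r["prot"], r["doctets"]))
```

Offline, `parse_v5(build_v5_datagram(SAMPLE_FLOWS))` exercises the decoder; on the ntop host, stopping ntop and running `collect(exporters={"<server_ip>'s router"})` shows the router's datagrams arriving with their sequence numbers, which is a quick way to confirm that the "flows exported" counter on the router is turning into records on the collector. The exporter check in `collect()` is what a host firewall rule restricting udp/2055 to the router's `ip flow-export source` address gives you in front of ntop itself.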

After that, you browse around the NTop Web UI. But the UI is idiosyncratic and has many features, so it is hard to tell intuitively which path leads where.