July 2008

Install ntop on Red Hat / CentOS Linux

ntop is a network and traffic analyzer that provides a wealth of information on various networking hosts and protocols. ntop is primarily accessed via a built-in web interface.

# cd /opt
# wget http://freshmeat.net/redir/ntop/7279/url_tgz/ntop-3.3.6.tar.gz
# tar -zxvf ntop-3.3.6.tar.gz

Configure and Compile ntop under RHEL

You must have RRDTool installed. You also need libpcap and its development headers. To install them, enter:

# yum install libpcap-devel libpcap

Type the following commands to compile and install ntop:

# cd ntop
# ./autogen.sh

Just type make to compile ntop:

# make

Just type make install to install ntop:

# make install
# make install-data-as

Create ntop user

ntop should not run as root. Create a dedicated system account named ntop, with no home directory and no login shell, for it to run as:

# useradd -M -s /sbin/nologin -r ntop

Setup directory permissions

Next, set up the directory permissions so that the ntop user owns its data directories:

# chown ntop:root /usr/local/var/ntop/
# chown ntop:ntop /usr/local/share/ntop/

Setup ntop user admin password

Type the following command to set the password for the ntop admin user:

# ntop -A

Sample output:

Mon Jul 28 03:38:34 2008  NOTE: Interface merge enabled by default
Mon Jul 28 03:38:34 2008  Initializing gdbm databases

ntop startup - waiting for user response!

Please enter the password for the admin user:
Please enter the password again:
Mon Jul 28 03:38:42 2008  Admin user password has been set

Start ntop

Type the following command to start ntop:

# /usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check   --use-syslog=daemon

Sample output:

Mon Jul 28 03:42:19 2008  NOTE: Interface merge enabled by default

Mon Jul 28 03:42:19 2008  Initializing gdbm databases

If you have multiple interfaces (eth0, eth1 and so on), start ntop as follows:

# /usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check   --use-syslog=daemon

Where,

  • -i "eth0,eth1" : Specifies the network interface or interfaces to be used by ntop for network monitoring. Here you are monitoring eth0 and eth1.
  • -d : Run ntop as a daemon.
  • -L : Send all log messages to the system log (/var/log/messages) instead of the screen.
  • -u ntop : Start ntop as the ntop user.
  • -P /usr/local/var/ntop : Specify where ntop stores its database files. You may need to back up the database as part of your disaster recovery program.
  • --skip-version-check : By default, ntop accesses a remote file to periodically check if the most current version is running. This option disables that check.
  • --use-syslog=daemon : Log to syslog using the daemon facility.

How do I view ntop stats?

By default ntop listens on port 3000. You can view ntop stats by visiting the following URL:

http://localhost:3000/

OR

http://server-ip:3000/

How do I view ntop stats without opening port 3000?

Leave port 3000 closed and set up a simple tunnel using ssh instead. Enter the following on your local UNIX / Linux desktop system:

$ ssh -L 3000:localhost:3000 -N -f  user@server.yourcorp.com

Now open a browser and type the following URL:

http://localhost:3000/
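
The setup above relies on two things: ntop has dropped to the ntop account, and port 3000 is not reachable beyond loopback when you use the tunnel. The following added example (not part of the original article) checks both from `ps` and `netstat -ltn` / `ss -ltn` output. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): checks for the ntop setup above.
# Both functions read command output on stdin, so they work on live output
# (ps -eo user=,args=  and  netstat -ltn or ss -ltn) or on the constructed samples.

# Exit 0 if ntop is running and no ntop process is owned by root,
# 1 if any ntop process runs as root, 2 if ntop is not running at all.
ntop_runs_unprivileged() {
    awk '$2 == "ntop" || $2 ~ /\/ntop$/ { seen = 1; if ($1 == "root") bad = 1 }
         END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# Print every listening address on the given port (default 3000) that is not
# loopback. Column 4 is the local address in both netstat -ltn and ss -ltn.
exposed_listeners() {
    awk -v port="${1:-3000}" '{
        addr = $4
        n = match(addr, /:[0-9]+$/)            # the port follows the last colon
        if (!n || substr(addr, n + 1) != port) next
        host = substr(addr, 1, n - 1)
        if (host == "127.0.0.1" || host == "::1" || host == "[::1]") next
        print addr
    }'
}

# Constructed sample data (not captured from a real host).
SAMPLE_PS='root /usr/sbin/sshd
ntop /usr/local/bin/ntop -i eth0,eth1 -d -L -u ntop -P /usr/local/var/ntop'
SAMPLE_PS_ROOT='root /usr/local/bin/ntop -d -L -P /usr/local/var/ntop'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN'
SAMPLE_NETSTAT_LOCAL='tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN'

demo() {
    if printf '%s\n' "$SAMPLE_PS" | ntop_runs_unprivileged; then
        echo "ntop is running as an unprivileged user"
    fi
    printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners 3000 |
        while read -r addr; do echo "port 3000 reachable beyond loopback: $addr"; done
}
demo
```

On the server, run `ps -eo user=,args= | ntop_runs_unprivileged` and `netstat -ltn | exposed_listeners 3000`. Any address printed by the second command must be blocked by the firewall for the tunnel to be the only way in.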

How do I start ntop on boot?

Open /etc/rc.local file, enter:

# vi /etc/rc.local

Append the following line:

/usr/local/bin/ntop -i "eth0,eth1" -d -L -u ntop -P /usr/local/var/ntop --skip-version-check   --use-syslog=daemon

Save and close the file.

How do I stop ntop?

Use the web interface to shut down ntop, or use the normal kill / killall command:

# killall ntop
