3 Installation
ntop is currently at version 1.3. It is distributed under the GNU General Public License [9], and can be downloaded free of charge from ntop's official homepage [3] and other mirrors on the Internet. It supports the platforms, media and protocols shown in the table below.
Table 3: Platforms, Media and Protocols supported by ntop

| Category | Supported |
|---|---|
| Platforms | UNIX, Win32 |
| Media | Ethernet, Token Ring, PPP, FDDI, Raw IP, Loopback |
| Protocols | IP, IPX, NetBIOS, OSI, AppleTalk, DecNet, DLC |
| IP Protocols | Fully user configurable (NFS, HTTP, X11, DNS, FTP, SMTP, POP, IMAP, SNMP, Telnet, etc.) |

Before downloading the software, it is important to select the station which will host ntop. This host should have an interface to the network to be monitored, since only the traffic captured through this interface can be analysed. In switched (or bridged) networks, it is important to consider that only the segment where ntop's host is installed will be monitored. Nevertheless, modern switches (switching hubs) allow global network traffic (or virtual LANs) to be mirrored to a specified switch port, so ntop can be activated on a host that is attached to such a port. Unfortunately, this is not possible in the case of different LANs interconnected via routers, for instance, in an IP inter-network.
After having selected which station will host ntop, a proper download format should be chosen. Available formats include:
- source code (which should compile on virtually any UNIX and Win32 platform)
- application binary or binary package for different UNIX flavours (Linux, IRIX 6.2, Solaris 2.7 i386/SPARC, HP-UX 11.X, FreeBSD 3.X, AIX 4.1), and
- binary demo for Windows 95/98/NT (limited to capturing 1,000 packets).
Both UNIX and Win32 versions are developed under a single source-code tree, using a system-independent interface for user-level packet capture called libpcap. This library is available for most UNIX flavours, and has been ported to the Win32 platform by the authors of ntop. This Win32 port can also be downloaded from the official homepage.
On the supported UNIX platforms, after having downloaded ntop's source code and installed libpcap, ntop should be compiled and installed:

    # cd /ntops-directory/ntop-1.3
    # sh ./configure
    # make
    # make install
    # exit

If ntop has been downloaded in binary format, the installation process depends on the package manager being used.
As mentioned before, ntop's full source code is available free of charge on the Internet, through the URL ftp://ftp.ntop.org/pub/local/ntop/snapshots/. In order to fund the project partially, if a Windows user is not willing or is not able to compile ntop, the full version in binary form is distributed for a fee of US$ 49.95.
After the installation, ntop should be executed (by a user with super-user access), and will start capturing packets from the network. When activated in web-based mode, ntop runs its own internal web server (set to a specific port at start-up). It is therefore possible to access the software with a web browser through the URL http://hostname:portnumber/
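
Because ntop runs with super-user access and serves its pages from an embedded web server, it is worth confirming which address that port is bound to once ntop is up. The following is an added example, not part of the original document or of ntop: it reads `ss -ltn`-style output and reports whether a port listens on every interface, on loopback only, or on one address. The port 3000 and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the listener for ntop's web port from `ss -ltn` text.
# Assumption: port 3000 stands in for whatever port ntop was started with.

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:3000        0.0.0.0:*
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'

# classify_listener PORT   (reads `ss -ltn` text on stdin)
# Prints one line per matching socket:
#   exposed <addr>     bound to all interfaces
#   local <addr>       bound to loopback only
#   restricted <addr>  bound to one specific address
# or "absent" when nothing listens on PORT.
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4
            # The last colon separates address and port (IPv6 has more colons).
            n = match(la, /:[0-9]+$/)
            if (n == 0) next
            addr = substr(la, 1, n - 1)
            p = substr(la, n + 1)
            if (p != port) next
            found = 1
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
                print "exposed " addr
            else if (addr ~ /^127\./ || addr == "[::1]")
                print "local " addr
            else
                print "restricted " addr
        }
        END { if (!found) print "absent" }
    '
}

# web_port_exposed PORT: exit status 0 if PORT is bound to all interfaces.
web_port_exposed() {
    classify_listener "$1" | grep -q '^exposed '
}

# Demo on the constructed sample; on a live host use: ss -ltn | classify_listener 3000
printf '%s\n' "$SAMPLE_SS" | classify_listener 3000
```

An "exposed" result means any host that can route to the station can reach ntop's pages, so the port should be filtered or the listener restricted if that is not intended.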
The current version of ntop supports plug-ins as an extension mechanism, which allows the administrator to extend ntop's functionality with extra features. Examples of plug-ins are the ICMP, ARP/RARP and WAP plug-ins. These can be installed optionally, and started selectively during ntop initialization.