新一代Ntopng网络流量监控—可视化和架构分析

What ntopng can do for me? 

• http://www.ntop.org/products/ntop

• Sort network traffic according to many protocols

• Show network traffic and IPv4/v6 active hosts

• Store on disk persistent traffic statistics in RRD format

• Geolocate hosts

• Discover application protocols by leveraging on nDPI, ntop’s DPI framework.

• Characterise HTTP traffic by leveraging on characterisation services provided by block.si. ntopng comes with a demo characterisation key, but if you need a permanent one, please mail [email protected].

• Show IP traffic distribution among the various protocols

• Analyse IP traffic and sort it according to the source/destination

• Display IP Traffic Subnet matrix (who’s talking to who?)

• Report IP protocol usage sorted by protocol type

• Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks) when used together with nProbe.

• Produce HTML5/AJAX network traffic statistics

Ntopng 架构

Libpcap

网络数据包捕获函数包,无所不在。。。

drwxr-xr-x  3 yanrui  admin  102  3 18 16:13 readline

Sqlite

轻型数据库，多语言支持（ntopng中应该是和python结合），甚至很多嵌入式系统都用到它

drwxr-xr-x  3 yanrui  admin  102  3 18 16:13 gdbm

drwxr-xr-x  3 yanrui  admin  102  3 18 16:14 openssl

drwxr-xr-x  3 yanrui  admin  102  3 18 16:15 python

drwxr-xr-x  3 yanrui  admin  102  3 18 16:15 autoconf

drwxr-xr-x  3 yanrui  admin  102  3 18 16:16 automake

drwxr-xr-x  3 yanrui  admin  102  3 18 16:16 pkg-config

drwxr-xr-x  3 yanrui  admin  102  3 18 16:16 libtool

drwxr-xr-x  3 yanrui  admin  102  3 18 16:16 gettext

drwxr-xr-x  3 yanrui  admin  102  3 18 16:17 libffi

drwxr-xr-x  3 yanrui  admin  102  3 18 16:17 glib

drwxr-xr-x  3 yanrui  admin  102  3 18 16:17 gobject-introspection

drwxr-xr-x  3 yanrui  admin  102  3 18 16:18 json-glib

drwxr-xr-x  3 yanrui  admin  102  3 18 16:18 wget

 ZeroMQ

号称最快的消息库，协议级，目标是成为Linux的一部分。目前研究中，将开专文探讨

drwxr-xr-x  3 yanrui  admin  102  3 18 16:18 libtasn1

drwxr-xr-x  3 yanrui  admin  102  3 18 16:19 gmp

drwxr-xr-x  3 yanrui  admin  102  3 18 16:19 nettle

drwxr-xr-x  3 yanrui  admin  102  3 18 16:19 gnutls

drwxr-xr-x  3 yanrui  admin  102  3 18 16:19 json-c

drwxr-xr-x  3 yanrui  admin  102  3 18 16:20 libpng

drwxr-xr-x  3 yanrui  admin  102  3 18 16:20 freetype

drwxr-xr-x  3 yanrui  admin  102  3 18 16:20 fontconfig

drwxr-xr-x  3 yanrui  admin  102  3 18 16:23 pixman

drwxr-xr-x  3 yanrui  admin  102  3 18 16:24 cairo

drwxr-xr-x  3 yanrui  admin  102  3 18 16:30 icu4c

Pango

Pango（Παν语）是一个开放源代码的自由函数库，用于高质量地渲染国际化的文字。Pango可以使用不同的后端字体，并提供了跨平台支持。依赖Harfbuzz ：一个开源的text opentype layout 引擎。

 RRDtool

源自MRTG（多路由器流量绘图器）。MRTG是有一个大学连接到互联网链路的使用率的小脚本开始的。MRTG后来被当作绘制其他数据源的工具使用，包括温度、速度、电压、输出量等等。

参考：http://blog.sina.com.cn/s/blog_4e424e2101000b5s.html

drwxr-xr-x  3 yanrui  admin  102  3 18 16:32 luajit

drwxr-xr-x  3 yanrui  admin  102  3 18 16:32 geoip

 Redis

Redis是一个开源的使用ANSI C语言编写、支持网络、可基于内存亦可持久化的日志型、Key-Value数据库，并提供多种语言的API。从2010年3月15日起，Redis的开发工作由VMware主持。从2013年5月开始，Redis的开发由Pivotal赞助

drwxr-xr-x  3 yanrui  admin  102  3 18 16:34 ntopng

Brew快速安装

yanruideMacBook-Pro:~ yanrui$ ruby -v

ruby 2.0.0p481 (2014-05-08 revision 45883) [universal.x86_64-darwin14]

yanruideMacBook-Pro:~ yanrui$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

==> This script will install:

/usr/local/bin/brew

/usr/local/Library/...

/usr/local/share/man/man1/brew.1

Press RETURN to continue or any other key to abort

==> Downloading and installing Homebrew...

remote: Counting objects: 237423, done.

remote: Compressing objects: 100% (1040/1040), done.

remote: Total 237423 (delta 711), reused 0 (delta 0), pack-reused 236381

Receiving objects: 100% (237423/237423), 32.52 MiB | 1.01 MiB/s, done.

Resolving deltas: 100% (176649/176649), done.

From https://github.com/Homebrew/homebrew

 * [new branch]      master     -> origin/master

HEAD is now at 0faf905 Return early for the == case in Version#<=>

==> Installation successful!

==> Next steps

Run `brew doctor` before you install anything

Run `brew help` to get started

yanruideMacBook-Pro:~ yanrui$ brew ?

Error: Unknown command: ?

yanruideMacBook-Pro:~ yanrui$ brew?

-bash: brew?: command not found

yanruideMacBook-Pro:~ yanrui$ 

yanruideMacBook-Pro:~ yanrui$ 

yanruideMacBook-Pro:~ yanrui$ brew help

Example usage:

  brew [info | home | options ] [FORMULA...]

  brew install FORMULA...

  brew uninstall FORMULA...

  brew search [foo]

  brew list [FORMULA...]

  brew update

  brew upgrade [FORMULA...]

  brew pin/unpin [FORMULA...]

Troubleshooting:

  brew doctor

  brew install -vd FORMULA

  brew [--env | config]

Brewing:

  brew create [URL [--no-fetch]]

  brew edit [FORMULA...]

  open https://github.com/Homebrew/homebrew/blob/master/share/doc/homebrew/Formula-Cookbook.md

Further help:

  man brew

  brew home

yanruideMacBook-Pro:~ yanrui$ brew info

yanruideMacBook-Pro:~ yanrui$ brew update

Updated Homebrew from 0faf9056 to 90abb002.

==> Updated Formulae

libdnet

Brew install ntopng

yanruideMacBook-Pro:~ yanrui$ brew install ntopng

cairo: XQuartz is required to install this formula.

You can install with Homebrew Cask:

  brew install Caskroom/cask/xquartz

You can download from:

  https://xquartz.macosforge.org

pango: XQuartz is required to install this formula.

You can install with Homebrew Cask:

  brew install Caskroom/cask/xquartz

You can download from:

  https://xquartz.macosforge.org

Error: Unsatisified requirements failed this build.

yanruideMacBook-Pro:~ yanrui$ brew install Caskroom/cask/xquartz

Cloning into '/usr/local/Library/Taps/caskroom/homebrew-cask'...

remote: Counting objects: 128670, done.

remote: Compressing objects: 100% (12/12), done.

remote: Total 128670 (delta 4), reused 0 (delta 0), pack-reused 128658

Receiving objects: 100% (128670/128670), 37.17 MiB | 6.00 KiB/s, done.

Resolving deltas: 100% (85113/85113), done.

Checking connectivity... done.

Ntopng 服务启动

yanruideMacBook-Pro:~ yanrui$ sudo ntopng

19/Mar/2015 11:51:40 [Ntop.cpp:586] Setting local networks to 192.168.1.0/24,0.0.0.0/32,224.0.0.0/8,239.0.0.0/8,255.255.255.255/32,127.0.0.0/8

19/Mar/2015 11:51:40 [Redis.cpp:74] Successfully connected to Redis 127.0.0.1:6379

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface en0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface en0 [id: 0]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface awdl0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface awdl0 [id: 1]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface en1...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface en1 [id: 2]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface en2...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface en2 [id: 3]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface p2p0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface p2p0 [id: 4]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface lo0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface lo0 [id: 5]

19/Mar/2015 11:51:40 [Utils.cpp:251] User changed to nobody

19/Mar/2015 11:51:40 [main.cpp:184] PID stored in file /var/tmp/ntopng.pid

Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNum.dat

19/Mar/2015 11:51:40 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNum.dat

Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat

19/Mar/2015 11:51:40 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat

Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCity.dat

19/Mar/2015 11:51:40 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCity.dat

Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCityv6.dat

19/Mar/2015 11:51:40 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCityv6.dat

19/Mar/2015 11:51:40 [HTTPserver.cpp:351] HTTPS Disabled: missing SSL certificate /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/ssl/ntopng-cert.pem

19/Mar/2015 11:51:40 [HTTPserver.cpp:352] Please read https://svn.ntop.org/svn/ntop/trunk/ntopng/README.SSL if you want to enable SSL.

19/Mar/2015 11:51:40 [HTTPserver.cpp:389] Web server dirs [/usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs][/usr/local/Cellar/ntopng/1.2.1/share/ntopng/scripts]

19/Mar/2015 11:51:40 [HTTPserver.cpp:392] HTTP server listening on port 3000

19/Mar/2015 11:51:40 [main.cpp:232] Working directory: /var/tmp/ntopng

19/Mar/2015 11:51:40 [main.cpp:234] Scripts/HTML pages directory: /usr/local/Cellar/ntopng/1.2.1/share/ntopng

19/Mar/2015 11:51:40 [Ntop.cpp:206] Welcome to ntopng x86_64 v.1.2.1 (r1.2.1) - (C) 1998-14 ntop.org

19/Mar/2015 11:51:40 [PeriodicActivities.cpp:53] Started periodic activities loop...

19/Mar/2015 11:51:40 [RuntimePrefs.cpp:32] Dump alerts into syslog

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface en0 [id: 1]...

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface awdl0 [id: 2]...

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface en1 [id: 3]...

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface en2 [id: 4]...

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface p2p0 [id: 5]...

19/Mar/2015 11:51:40 [NetworkInterface.cpp:800] Started packet polling on interface lo0 [id: 6]...

欢迎交流指正！