Why
Because I want to analyze the traffic across my LAN, and optimize accordingly.
Quick start via Docker
On my Linux router, make a folder for this service:
```shell
mkdir /opt/ntopng
cd /opt/ntopng
mkdir -p data/ntopng
mkdir -p data/redis
chmod 777 data/ntopng # to make sure mounted folder is accessible
chmod 777 data/redis  # same as above
```
Note that I've given 777 permissions to the data folders above. This is because the docker `-v` option mounts files/folders with the host ownership (UID:GID) attached, in this case `root:root`. However, in the `ntop/ntopng` docker image, the two data folders are originally owned by the `redis` and `ntopng` users only.

Next we create a `docker-compose.yml` file under `/opt/ntopng`:

```yaml
version: "3"
services:
  ntopng:
    image: ntop/ntopng:stable
    command: --community -w 192.168.1.1:3000
    volumes:
      - ./data/ntopng:/var/lib/ntopng
      - ./data/redis:/var/lib/redis
    network_mode: host
    restart: unless-stopped
```
- `network_mode: host` makes it monitor the bare-metal host interfaces directly instead of a docker default virtual network. We can no longer specify the exposed port in this mode, so the original readme of `ntop/ntopng` with `-p 3000:3000` is probably wrong.
- `--community` prevents it from starting as a pro trial version first; I'm using the community version anyway.
- `-w 192.168.1.1:3000` ensures the web service is only accessible from the LAN IP. I don't want to expose it to the WAN IP yet.
- `volumes` are for persistent config/data between restarts. The ntopng RRD data are written to `/var/lib/ntopng`, while some other configs like the admin passwords are saved under `/var/lib/redis`.
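Because `data/redis` holds the admin passwords, the `chmod 777` used earlier leaves that store readable and writable by every local account on the router. The script below is an added example, not part of the original post: it looks up the UID:GID that the image's `ntopng` and `redis` users map to and hands the folders to them instead. It assumes the image ships `sh` and `id`; the function names are made up here.

```shell
#!/bin/sh
# Added example: replace chmod 777 on the bind-mounted data folders with
# ownership by the UIDs the image's service users actually run as.
# Assumption: the image provides `sh` and `id` and the users named on the page.

IMAGE="ntop/ntopng:stable"

# Print "uid:gid" of USER as defined inside the image (needs Docker).
image_ids() {
    docker run --rm --entrypoint sh "$IMAGE" \
        -c 'echo "$(id -u "$0"):$(id -g "$0")"' "$1"
}

# List directories under ROOT that any local user can write to.
world_writable() {
    find "$1" -type d -perm -0002
}

# Give DIR to OWNER (uid:gid) and drop all access for other users.
tighten() {
    chown -R "$2" "$1" && chmod 750 "$1"
}

# Run as root from /opt/ntopng with the stack stopped: sh fix-perms.sh --apply
if [ "${1:-}" = "--apply" ]; then
    tighten data/ntopng "$(image_ids ntopng)"
    tighten data/redis  "$(image_ids redis)"
    left=$(world_writable data)
    [ -z "$left" ] || { echo "still world-writable: $left" >&2; exit 1; }
fi
```

Numeric IDs work with `chown` even when the router has no `ntopng` or `redis` account of its own.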
Now we run `docker-compose up` in the folder, and it should be up and running.

Open the web portal http://192.168.1.1:3000/ and you should be greeted with a password reset guide. After this you can start monitoring your network data.
![notion image](https://www.notion.so/image/https%3A%2F%2Ffile.notion.so%2Ff%2Ff%2F015ab979-66d5-4234-aeba-57e02d43990d%2F1ac868be-486e-441a-9b5d-5e57148b436c%2FUntitled.png%3Fid%3Dda28fac2-7a66-447f-b32d-bfd5429fcf04%26table%3Dblock%26spaceId%3D015ab979-66d5-4234-aeba-57e02d43990d%26expirationTimestamp%3D1719453600000%26signature%3D3IgvgzgnfK4ozLLCIuhB4JYMK1foTWt4NB3QPVLQxFI?table=block&id=da28fac2-7a66-447f-b32d-bfd5429fcf04&cache=v2)
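With `network_mode: host`, every listener inside the container is a listener on the router itself, so it is worth confirming that `-w 192.168.1.1:3000` took effect and that the bundled Redis is not bound to a wildcard address. The check below is an added example, not from the original post; it assumes Redis uses its default port 6379, and the sample socket list is constructed to include one offending line.

```shell
#!/bin/sh
# Added example: flag ntopng/Redis listeners reachable beyond the LAN address.
# Assumptions: Redis on its default port 6379; `ss` (iproute2) is installed.

LAN_IP="192.168.1.1"
PORTS="3000 6379"

# Read `ss -ltnH` output on stdin; print sockets on the watched ports whose
# local address is neither LAN_IP nor loopback (wildcard or WAN-bound).
exposed_listeners() {
    awk -v lan="$1" -v ports="$2" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)   # drop ":port", keep the address
            sub(/^.*:/, "", port)      # keep only the text after the last colon
            if (!(port in watch)) next
            if (addr == lan || addr ~ /^127\./ || addr == "[::1]") next
            print $4
        }'
}

# Constructed sample shaped like `ss -ltnH` output; not captured from a host.
sample_ss() {
    cat <<'EOF'
LISTEN 0 4096 192.168.1.1:3000 0.0.0.0:*
LISTEN 0 511  127.0.0.1:6379   0.0.0.0:*
LISTEN 0 511  [::]:6379        [::]:*
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
EOF
}

# On the router: sh check-listeners.sh --check
if [ "${1:-}" = "--check" ]; then
    bad=$(ss -ltnH | exposed_listeners "$LAN_IP" "$PORTS")
    [ -z "$bad" ] || { echo "reachable beyond LAN: $bad" >&2; exit 1; }
fi
```

Feeding it `sample_ss` reports only `[::]:6379`; the LAN-bound web UI, the loopback Redis socket and the unrelated port 22 are ignored.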
Adding notifications to Telegram
Let's navigate to notifications/endpoints
![notion image](https://www.notion.so/image/https%3A%2F%2Ffile.notion.so%2Ff%2Ff%2F015ab979-66d5-4234-aeba-57e02d43990d%2F85caf299-3726-401d-885c-257a8deef37c%2FUntitled.png%3Fid%3Db42869e2-2a73-4c90-9790-f33a1550b215%26table%3Dblock%26spaceId%3D015ab979-66d5-4234-aeba-57e02d43990d%26expirationTimestamp%3D1719453600000%26signature%3DY-K2miccOizBL37MaZOawZjmaTCPkuQNalEc-Gr3HaY?table=block&id=b42869e2-2a73-4c90-9790-f33a1550b215&cache=v2)
Click "+" on the top right
![notion image](https://www.notion.so/image/https%3A%2F%2Ffile.notion.so%2Ff%2Ff%2F015ab979-66d5-4234-aeba-57e02d43990d%2F2ed867d1-ecbd-4897-86e1-b8ef6bc44513%2FUntitled.png%3Fid%3D9b2df5b2-ec83-4647-9aba-1c047324da0f%26table%3Dblock%26spaceId%3D015ab979-66d5-4234-aeba-57e02d43990d%26expirationTimestamp%3D1719453600000%26signature%3DqqFvzR3rIfj75LNh-aEMjSQ6GFZCK5ydMkPqXpRpKKQ?table=block&id=9b2df5b2-ec83-4647-9aba-1c047324da0f&cache=v2)
Get a bot via the provided steps and fill in the token here.
![notion image](https://www.notion.so/image/https%3A%2F%2Ffile.notion.so%2Ff%2Ff%2F015ab979-66d5-4234-aeba-57e02d43990d%2Ff107a133-781a-4b21-8caf-b729f864ae0a%2FUntitled.png%3Fid%3D9aac6f0d-5619-4ad1-8eaa-00809670f175%26table%3Dblock%26spaceId%3D015ab979-66d5-4234-aeba-57e02d43990d%26expirationTimestamp%3D1719453600000%26signature%3DwV5REPeYau49kPz4tPW9Ye2JB02kckT5Cqcu44ViSZ8?table=block&id=9aac6f0d-5619-4ad1-8eaa-00809670f175&cache=v2)
Create a new channel/group on Telegram and add your bot as an admin.
![notion image](https://www.notion.so/image/https%3A%2F%2Ffile.notion.so%2Ff%2Ff%2F015ab979-66d5-4234-aeba-57e02d43990d%2Fbaab4b99-9077-471a-8198-fb7820e189e4%2FUntitled.png%3Fid%3D6c6c467a-e3a4-471e-8153-8d9b571ceca9%26table%3Dblock%26spaceId%3D015ab979-66d5-4234-aeba-57e02d43990d%26expirationTimestamp%3D1719453600000%26signature%3Da0z7Zow1NxJcQka_bVfN2lxkmiJ1Vur8L1tVJzkRPys?table=block&id=6c6c467a-e3a4-471e-8153-8d9b571ceca9&cache=v2)
Send any message in the channel and forward it to a bot (say @getidsbot) to get your channel id, in the form of `-1002155432156`.
![notion image](https://www.notion.so/image/https%3A%2F%2Ffile.notion.so%2Ff%2Ff%2F015ab979-66d5-4234-aeba-57e02d43990d%2F8c6b1445-0273-4fa0-98d5-496b112e984c%2FUntitled.png%3Fid%3Dea0266f1-2f65-4293-886b-9da70a05fe48%26table%3Dblock%26spaceId%3D015ab979-66d5-4234-aeba-57e02d43990d%26expirationTimestamp%3D1719453600000%26signature%3D6XpHCKPfe0wWbRl7twpGGO4RxpcRIiGa6xhVf2nNBlU?table=block&id=ea0266f1-2f65-4293-886b-9da70a05fe48&cache=v2)
Let's go back to ntopng/notifications/recipients and add the channel id above as the recipient. Click "Test Recipient" and you should get a test message:
![notion image](https://www.notion.so/image/https%3A%2F%2Ffile.notion.so%2Ff%2Ff%2F015ab979-66d5-4234-aeba-57e02d43990d%2F3bc7344d-3d1b-4b01-915d-4021b68ca10c%2FUntitled.png%3Fid%3D0278c6a6-3572-41d0-8c86-a4c5c259bbcc%26table%3Dblock%26spaceId%3D015ab979-66d5-4234-aeba-57e02d43990d%26expirationTimestamp%3D1719453600000%26signature%3D5dJtC-LNycwxfDpgKXVaCGWByqwn9XC_CxBp9B82hUs?table=block&id=0278c6a6-3572-41d0-8c86-a4c5c259bbcc&cache=v2)
Finally, navigate to ntopng/pools/pools and add your monitor as a recipient for each category.
![notion image](https://www.notion.so/image/https%3A%2F%2Ffile.notion.so%2Ff%2Ff%2F015ab979-66d5-4234-aeba-57e02d43990d%2F08176c7b-f14b-4c21-8897-b26710c29597%2FUntitled.png%3Fid%3D47327785-eeb3-4836-905a-1822a326b43f%26table%3Dblock%26spaceId%3D015ab979-66d5-4234-aeba-57e02d43990d%26expirationTimestamp%3D1719453600000%26signature%3D7G3y-TiuCb6ZWN_wear_UK7rF3GVjGbA0c-VVAc-6Qc?table=block&id=47327785-eeb3-4836-905a-1822a326b43f&cache=v2)
You should be able to get the alerts in the Telegram channel from now on.
![notion image](https://www.notion.so/image/https%3A%2F%2Ffile.notion.so%2Ff%2Ff%2F015ab979-66d5-4234-aeba-57e02d43990d%2F2c3a164b-1151-474d-b88a-ee785b2e12a5%2FUntitled.png%3Fid%3D3c005119-5883-4bf9-95f1-635ec960e7da%26table%3Dblock%26spaceId%3D015ab979-66d5-4234-aeba-57e02d43990d%26expirationTimestamp%3D1719453600000%26signature%3DDx7kjZuOo41m7F9RATeQTmd0yq58cKTHLN04YfLeb-A?table=block&id=3c005119-5883-4bf9-95f1-635ec960e7da&cache=v2)
What next?
- Optimize gaming experience by identifying the game server IP on ntopng and channel the traffic to a custom VPN (more on that next time)
- Identify suspicious network behavior
- You tell me?
See also
- ntopng official docker https://hub.docker.com/r/ntop/ntopng
- another ntopng docker image https://hub.docker.com/r/vimagick/ntopng