Monitoring your LAN with ntopng

Created
Jun 5, 2021 05:40 PM
Tags
Linux
Networking

Why

Because I want to analyze the traffic across my LAN, and optimize accordingly.
 

Quick start via Docker

On my Linux router, make a folder for this service:
mkdir /opt/ntopng
cd /opt/ntopng
mkdir -p data/ntopng
mkdir -p data/redis
chmod 777 data/ntopng # to make sure mounted folder is accessible
chmod 777 data/redis # same as above
Note that above I've given 777 permissions to the data folders. This is because the docker -v option mounts files/folders with their host ownership (UID:GID) attached, in this case root:root. However, in the ntop/ntopng docker image, the two data folders are originally owned by the redis and ntopng users only.
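A tighter alternative to mode 777, as an added example that is not from the original post or the ntopng project: read the numeric ids of the ntopng and redis accounts from the image and give each data folder to its account with mode 750, so other local users on the router cannot read or change the stored data. The function names and the sample passwd lines are constructed for illustration, and it assumes the services write to these folders as those two accounts.

```sh
#!/bin/sh
# Added example: give each data folder to the image's own service account
# instead of making it world-writable (777).

# Print "uid:gid" for account $1 from passwd-format text on stdin.
# Exit status is non-zero when the account is not present.
owner_of() {
    awk -F: -v u="$1" '$1 == u { print $3 ":" $4; found = 1; exit }
                       END { exit !found }'
}

# Print the commands for one folder: $1 = host folder, $2 = account name,
# $3 = passwd-format text taken from the image.
plan_for() {
    ids=$(printf '%s\n' "$3" | owner_of "$2") || {
        echo "account '$2' not found in image passwd" >&2
        return 1
    }
    printf 'chown -R %s %s\nchmod 750 %s\n' "$ids" "$1" "$1"
}

# Constructed sample ids for the dry run; real ids come from the image.
SAMPLE_PASSWD='redis:x:101:102::/var/lib/redis:/usr/sbin/nologin
ntopng:x:999:998::/var/lib/ntopng:/bin/false'

if [ "${1:-}" = "--apply" ]; then
    # Read the account table from the same image the compose file uses.
    passwd=$(docker run --rm --entrypoint cat ntop/ntopng:stable /etc/passwd) || exit 1
else
    passwd=$SAMPLE_PASSWD
fi

plan=$(plan_for data/ntopng ntopng "$passwd" &&
       plan_for data/redis redis "$passwd") || exit 1
printf '%s\n' "$plan"

# Without --apply this is a dry run that only prints the plan.
if [ "${1:-}" = "--apply" ]; then
    printf '%s\n' "$plan" | sh -e
fi
```

Run it as root from /opt/ntopng with --apply; without the flag it only prints the plan for the constructed sample ids.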
 
Next we create a docker-compose.yml file under /opt/ntopng:
version: "3"

services:
  ntopng:
    image: ntop/ntopng:stable
    command: --community -w 192.168.1.1:3000
    volumes:
      - ./data/ntopng:/var/lib/ntopng
      - ./data/redis:/var/lib/redis
    network_mode: host
    restart: unless-stopped
  • network_mode: host makes it monitor the bare-metal host interfaces directly instead of a default Docker virtual network. In this mode we can no longer publish ports with -p, so the -p 3000:3000 in the original ntop/ntopng readme is probably wrong.
  • --community prevents it from starting as a pro trial version first; I'm using the community version anyway.
  • -w 192.168.1.1:3000 ensures the web service is only accessible from the LAN IP. I don't want to expose it on the WAN IP yet.
  • volumes are for persistent config/data between restarts. The ntopng RRD data are written to /var/lib/ntopng, while some other configs like the admin passwords are saved under /var/lib/redis.
 
Now run docker-compose up in the folder, and it should be up and running.
Open the web portal http://192.168.1.1:3000/ and you should be greeted with a password reset guide. After this you can start monitoring your network data.
 

Adding notifications to Telegram

Let's navigate to notifications/endpoints
Click "+" on the top right
Get a bot via the provided steps and fill in the token here.
Create a new channel/group on Telegram and add your bot as an admin.
Send any message in the channel and forward it to a bot (say @getidsbot) to get your channel id, in the form of -1002155432156.
Let's go back to ntopng/notifications/recipients and add the channel id above as the recipient. Click "Test Recipient" and you should get a test message.
Finally, navigate to ntopng/pools/pools and add your monitor as a recipient for each category.
You should be able to get the alerts in the Telegram channel from now on.

What next?

  • Optimize gaming experience by identifying the game server IP on ntopng and channeling the traffic to a custom VPN (more on that next time)
  • Identify suspicious network behavior
  • You tell me?
