Tuesday, December 4, 2018

Installing ntopng on pfsense






I recently installed pfsense on a PC Engines APU.2C4 mini-server.
It is now my network router and it's been working like a champ.

Now I want to start customizing it some more. First up, I want to be able to monitor network traffic.

Looking around, I found ntopng https://www.ntop.org/products/traffic-analysis/ntop/ [1], a tool I can install in pfsense to get the data I need.

In these notes I am going to record how to install it and use it.





Current Status


A friend of mine is wondering how much CPU this tool may take up, so I am going to record my current load before installing it and look at the load again afterwards.

Currently I have a basic install of pfsense.





Running an internet speed test, I saw it spike to 25%.






I am on pfsense version 2.4.4.



Installing


Before I start installing it, here are some good videos I found on YouTube going over ntopng.






Log into pfsense and select System → Package Manager




Click on Available Packages




Enter ntop and click search.





Click Install




Click Confirm




Watch it install





Install took less than 2 min in my case :)






Click on Installed packages and you should now see that it is installed.






CPU usage after install





At idle the CPU usage has not changed; it's still 3%. But the memory usage went up to 11% from 6%.

I have not changed any settings yet.

Running a speed test




I saw a spike similar to the one before installing ntopng, at ~20%.



Configuring





Go to Diagnostics → ntopng Settings




It's not yet enabled. I wonder how that will affect CPU/Memory when it is?






Enable ntopng, enter a password, and select all interfaces.





Click Save

After the page refreshes





Click Update GeoIP Data to grab fresh Geo data.

Now, before I do anything else, let me look at the load again.




At idle it is still 3%, and Memory Usage is at 16% … so that went up a little.



Settings





Go to Diagnostics → ntopng





Got a proxy timeout…

It's going to another port on the box: https://192.168.0.1:3000/
Maybe it is being blocked?



Issue: can't access ntopng


Let me check on the status.




Status → Services




Hey, it's not even running!




Let me start the service up.




It's running.

Let me go check my CPU load.
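
The question above ("maybe it is being blocked?" versus the service simply not running) can also be answered from a LAN client before opening the pfsense GUI. This is an added example, not part of the original post; it uses the address and port shown above, and the function names `probe` and `diagnose` are made up for illustration.

```python
import socket

# Address and port are the ones shown in the post; adjust for your own LAN.
NTOPNG_HOST = "192.168.0.1"
NTOPNG_PORT = 3000

# What each outcome of a TCP connect usually means for this setup.
HINTS = {
    "open": "something is listening; look further up (browser warning, login, proxy)",
    "refused": "host answered but nothing is listening; check Status > Services for ntopng",
    "timeout": "no answer at all; a rule is dropping the traffic or the host is unreachable",
}


def probe(host, port, timeout=3.0):
    """Make one TCP connection attempt and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # An RST came back: the box is reachable, the port is closed.
        return "refused"
    except socket.timeout:
        # SYN went unanswered: filtered by a drop rule, or host is down.
        return "timeout"
    except OSError as exc:
        return "error: %s" % exc
    finally:
        sock.close()


def diagnose(host=NTOPNG_HOST, port=NTOPNG_PORT, timeout=3.0):
    """Return (state, hint) for the ntopng web port."""
    state = probe(host, port, timeout)
    return state, HINTS.get(state, "unexpected socket error; check the address and routing")


if __name__ == "__main__":
    state, hint = diagnose()
    print("%s:%d -> %s (%s)" % (NTOPNG_HOST, NTOPNG_PORT, state, hint))
```

A firewall rule set to reject rather than block also produces "refused", so confirm the result against Status → Services.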




At idle it jumped up to 6% and Memory Usage went up to 19%.



Open it again





Open the ntopng tool up again: Diagnostics → ntopng




Hey, an improvement. Click Advanced in Chrome to bypass the warning and open the page.






Now you need to log in to this separate tool: the username is admin, and the password is the one you set in the configuration.





Wahoo, something!



What can I do?


First let me grab the current IP address of the box I am on using a cygwin command.



  > ipconfig | grep IPv4





I happen to be 192.168.0.10 at the moment.





If I click on Hosts I can see which host is currently using what % of the bandwidth.




Oh, you can even see the top ports being hit currently. :)






Click on Flows






From here you can probably find your computer listed; click on it in the Client column.




Lots of cool detail here.




Conclusion


This tool gives you a lot. It is a Swiss army knife. I would suggest watching the videos I listed to get a better idea of what you can do.

            https://youtu.be/uGN6NYFkrh4
            https://youtu.be/TWqdtVJSO_8


References


[1]        ntopng High-Speed Web-based Traffic Analysis and Flow Collection
[2]        Using the ntopng package on pfSense 2.3.2 for Traffic Analysis &
             Collection
             Lawrence Systems / PC Pickup
            https://youtu.be/uGN6NYFkrh4
            Accessed 12/2018
[3]        pfsense Tools for Networking Troubleshooting & Problem Solving :
             pftop, NTOPng, packet capture
             Lawrence Systems / PC Pickup
            https://youtu.be/TWqdtVJSO_8
            Accessed 12/2018
[4]        ntopng can't load the page
            https://forum.netgate.com/topic/107156/solved-ntopng-can-t-load-the-page/14
            Accessed 12/2018





5 comments:

  1. Guru.... Awesome 👏👍☺️.... Excellent efforts and great contribution.... God bless you and be with you.... keep sharing...🏇👍

  2. have been looking for this, found it and it solved my problem straight away. pfsense+ntopng is just so perfect

  3. Ntop in pfsense can't dump expired flow to mysql or elastic. can you help me please ?
