新一代Ntopng網絡流量監控—可視化和架構分析

時間 2019-12-05

原文原文鏈接

NTopng主要特性html

多協議網絡流量；IPv4/IPv6活躍主機python

網絡流量監控（RRD存儲格式）；基於nDPI實現應用協議發現linux

做爲 NetFlow/sFlow 採集器 (Cisco/ Juniper 路由器) ；交換機配合 nProbe.ios

效果圖

What ntopng can do for me?

http://www.ntop.org/products/ntopgit
Sort network traffic according to many protocolsgithub
Show network traffic and IPv4/v6 active hosts數據庫
Store on disk persistent traffic statistics in RRD formatmacos
Geolocate hostsjson
Discover application protocols by leveraging on nDPI, ntop’s DPI framework.後端
Characterise HTTP traffic by leveraging on characterisation services provided by block.si. ntopng comes with a demo characterisation key, but if you need a permanent one, please mail info@block.si.
Show IP traffic distribution among the various protocols
Analyse IP traffic and sort it according to the source/destination
Display IP Traffic Subnet matrix (who’s talking to who?)
Report IP protocol usage sorted by protocol type
Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks) when used together with nProbe.
Produce HTML5/AJAX network traffic statistics

Ntopng 架構

Libpcap

網絡數據包捕獲函數包

Sqlite

輕型數據庫，多語言支持（ntopng中應該是和python結合），不少嵌入式系統也用到它

Gdbm：DBM的GNU版本，使用hash存儲非結構化數據

Python

autoconf、automake、pkg-config、libtool（提供通用的庫編譯支持）

Gettext、icu4c：國際化(I18N)和本地化(L10N)，多語言支持

libffi：「FFI」的全名是 Foreign Function Interface，一般指的是容許以一種語言編寫的代碼調用另外一種語言的代碼。而「Libffi」庫只提供了最底層的、與架構相關的、完整的」FFI」，所以在它之上必須有一層來負責管理兩種語言之間參數的格式轉換

Gobject-introspection：（簡稱 GI）用於產生與解析 C 程序庫 API 元信息，以便於動態語言（或託管語言）綁定基於 C + GObject 的程序庫

json-glib、json-c、openssl、glib

ZeroMQ

號稱最快的消息庫，協議級，目標是成爲Linux的一部分。

《ZeroMQ社區》：《ZeroMQ社區生態白皮書》、《ZMQ架構哲學》

libtasn1：用於開發 ASN.1 (Abstract Syntax Notation One) 結構管理的 C 庫

gmp

Nettle：a low-level cryptographic library （加密）

Gnutls：（加密）

libpng：the official PNG reference library （圖形）

pixman：像素管理（圖形）

Cairo：a2Dgraphicslibrarywithsupportformultipleoutputdevices.

Freetype：FreeType庫是一個徹底免費（開源）的、高質量的且可移植的字體引擎，它提供統一的接口來訪問多種字體格式文件，包括TrueType,OpenType, Type1, CID,CFF, Windows FON/FNT, X11 PCF等

fontconfig：字體庫管理

Pango

Pango（Παν語）是一個開放源代碼的自由函數庫，用於高質量地渲染國際化的文字。Pango能夠使用不一樣的後端字體，並提供了跨平臺支持。依賴Harfbuzz ：一個開源的text opentype layout 引擎。

RRDtool

源自MRTG（多路由器流量繪圖器）。MRTG是有一個大學鏈接到互聯網鏈路的使用率的小腳本開始的。MRTG後來被看成繪製其餘數據源的工具使用，包括溫度、速度、電壓、輸出量等等。

參考：http://blog.sina.com.cn/s/blog_4e424e2101000b5s.html

luajit

C語言寫的Lua的解釋器

Geoip：IP GIS圖形

Redis

Redis是一個開源的使用ANSIC語言編寫、支持網絡、可基於內存亦可持久化的日誌型、Key-Value數據庫，並提供多種語言的API。Ntopng的Redis數據結構以下：

Brew快速安裝

yanruideMacBook-Pro:~ yanrui$ ruby -v

ruby 2.0.0p481 (2014-05-08 revision 45883) [universal.x86_64-darwin14]

yanruideMacBook-Pro:~ yanrui$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

==> This script will install:

/usr/local/bin/brew

/usr/local/Library/...

/usr/local/share/man/man1/brew.1

Press RETURN to continue or any other key to abort

==> Downloading and installing Homebrew...

remote: Counting objects: 237423, done.

remote: Compressing objects: 100% (1040/1040), done.

remote: Total 237423 (delta 711), reused 0 (delta 0), pack-reused 236381

Receiving objects: 100% (237423/237423), 32.52 MiB | 1.01 MiB/s, done.

Resolving deltas: 100% (176649/176649), done.

From https://github.com/Homebrew/homebrew

* [new branch] master -> origin/master

HEAD is now at 0faf905 Return early for the == case in Version#<=>

==> Installation successful!

==> Next steps

Run `brew doctor` before you install anything

Run `brew help` to get started

yanruideMacBook-Pro:~ yanrui$brew install ntopng

cairo: XQuartz is required to install this formula.

You can install with Homebrew Cask:

brew install Caskroom/cask/xquartz

You can download from:

https://xquartz.macosforge.org

pango: XQuartz is required to install this formula.

You can install with Homebrew Cask:

brew install Caskroom/cask/xquartz

You can download from:

https://xquartz.macosforge.org

Error: Unsatisified requirements failed this build.

yanruideMacBook-Pro:~ yanrui$ brew install Caskroom/cask/xquartz

Cloning into '/usr/local/Library/Taps/caskroom/homebrew-cask'...

remote: Counting objects: 128670, done.

remote: Compressing objects: 100% (12/12), done.

remote: Total 128670 (delta 4), reused 0 (delta 0), pack-reused 128658

Receiving objects: 100% (128670/128670), 37.17 MiB | 6.00 KiB/s, done.

Resolving deltas: 100% (85113/85113), done.

Checking connectivity... done.

Ntopng 服務啓動

yanruideMacBook-Pro:~ yanrui$ sudo ntopng

19/Mar/2015 11:51:40 [Ntop.cpp:586] Setting local networks to 192.168.1.0/24,0.0.0.0/32,224.0.0.0/8,239.0.0.0/8,255.255.255.255/32,127.0.0.0/8

19/Mar/2015 11:51:40 [Redis.cpp:74] Successfully connected to Redis 127.0.0.1:6379

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface en0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface en0 [id: 0]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface awdl0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface awdl0 [id: 1]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface en1...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface en1 [id: 2]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface en2...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface en2 [id: 3]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface p2p0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface p2p0 [id: 4]

19/Mar/2015 11:51:40 [PcapInterface.cpp:81] Reading packets from interface lo0...

19/Mar/2015 11:51:40 [Ntop.cpp:710] Registered interface lo0 [id: 5]

19/Mar/2015 11:51:40 [Utils.cpp:251] User changed to nobody

19/Mar/2015 11:51:40 [main.cpp:184] PID stored in file /var/tmp/ntopng.pid