Network problems of many kinds occur in an organization, resulting in inaccessible devices, performance degradation and so on. They can be classified as:
Network hardware failure: faulty devices such as switches and Ethernet cards, improper cabling, etc.
Network configuration problems: improper configuration of protocols and devices.
Malicious code: worms or viruses present on the network.
To troubleshoot a network problem from scratch, start with the hardware: physically check the network cabling, look for network cables run alongside or across power cables, and check the quality of the switches and routers. If the problem lies in the hardware, this kind of tracing is reasonably straightforward.
If the issue is related to network configuration or malicious code, however, it is harder to pin down, because a network contains a variety of devices: different operating systems running various protocols, plus firewalls, routers, switches and so on. Troubleshooting then starts with monitoring traffic continuously over a period of time to find the root cause. Monitoring should cover parameters such as the protocols in use and bandwidth utilization. In this scenario a good, reliable network monitoring tool becomes a must for pinpointing such issues.
Various network monitoring tools are available on the Linux platform; one simple choice is Ntop. It is an effective way to monitor the network, with functions ranging from packet capture to displaying an analysis of the captures in a web browser, organised in modules:
*Packet capture: Ntop captures packets (via libpcap) from a predefined network interface and buffers them, which reduces the chance of packet drops.
*Packet analyzer: Ntop analyzes packets one at a time to extract information such as the host's operating system, when the host first appeared on the network, address resolution and so on. This information is cached in memory and persisted to on-disk database files (GDBM and RRD, which is why gdbm-devel and rrdtool-devel appear in the build dependencies below).
*Network flow measurement: matching captured packets against a predefined rule or criterion (a flow definition), so that traffic matching the rule can be counted and reported separately.
*Plugins: various plugins can be enabled or disabled at startup or from the web interface.
*Web server: all captured, analyzed and measured information is displayed on web pages for easy navigation and inspection. By default the Ntop web server listens on port 3000 for plain HTTP connections. The administrative pages require the admin password set in step 6 below; since the traffic is unencrypted, do not expose the port beyond trusted hosts (firewall it or bind it to the loopback address).
There are two modes of operation: in interactive mode Ntop displays the network status on the user's terminal, and in web mode it acts as a web server, producing an HTML view of the network status.
Steps to install ntop
1. Install dependencies (package names below are for RHEL/CentOS and yum; they differ on other distributions)
yum install gcc gcc-c++ make libpcap libpcap-devel gdbm-devel libgd-devel libpng-devel libtool libtool-libs rrdtool rrdtool-devel
2. Download the latest version of ntop (-O keeps the file name stable, since the /download URL redirects to a mirror)
wget -O ntop-5.0.1.tar.gz http://sourceforge.net/projects/ntop/files/ntop/Stable/ntop-5.0.1.tar.gz/download
Extract
tar -xzvf ntop-5.0.1.tar.gz
Go to the extracted folder
cd ntop-5.0.1
3. Build and install ntop (autogen.sh also runs configure)
./autogen.sh
make
make install
4. Create the ntop user (no home directory, no login shell)
useradd -M -s /sbin/nologin -r ntop
5. Set up permissions (recursively, so the rrd/ subdirectory and the password database are writable by the ntop user)
chown -R ntop:root /usr/local/var/ntop/
6. Set the admin password (run as root, before starting the daemon; it is stored under /usr/local/var/ntop)
ntop -A
7. Start the ntop daemon (note the long options take two ASCII hyphens)
/usr/local/bin/ntop -d -L -u ntop -P /usr/local/var/ntop --skip-version-check --use-syslog=daemon
8. Now open your browser on port 3000
http://localhost:3000/ or http://ip:3000/
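The whole procedure above, collected into one script as an added example (this is not code from the original page or from the ntop project). It assumes a RHEL/CentOS-style host with yum, wget and curl, derives the tarball name and source directory from a single version string so they cannot drift apart, writes the long options with two ASCII hyphens, and adds -w 127.0.0.1:3000 so that the plaintext web interface listens on loopback only (an assumption about ntop's -w <[address:]port> option; drop it if the UI must be reachable remotely):

```shell
#!/bin/sh
# Added example: end-to-end ntop build/install for a RHEL/CentOS-style host.
# Assumptions (not from the original page): yum, wget and curl are present,
# $BUILD_DIR is writable, and the web UI should listen on loopback only.
set -eu

NTOP_VERSION="${NTOP_VERSION:-5.0.1}"
NTOP_PREFIX="${NTOP_PREFIX:-/usr/local}"
NTOP_USER="${NTOP_USER:-ntop}"
NTOP_DB_DIR="$NTOP_PREFIX/var/ntop"
NTOP_BIND="${NTOP_BIND:-127.0.0.1:3000}"   # assumption: loopback only
BUILD_DIR="${BUILD_DIR:-/usr/local/src}"

# One version string drives the tarball name, the unpacked directory and the
# download URL, so a "cd ntop-3.3.9" after downloading 5.0.1 cannot happen.
ntop_tarball()      { printf 'ntop-%s.tar.gz\n' "$1"; }
ntop_src_dir()      { printf 'ntop-%s\n' "$1"; }
ntop_download_url() {
    printf 'http://sourceforge.net/projects/ntop/files/ntop/Stable/%s/download\n' \
        "$(ntop_tarball "$1")"
}

# Daemon command line: daemonize, log to syslog (daemon facility), drop to the
# ntop user, keep databases under $NTOP_DB_DIR, bind the HTTP server to $NTOP_BIND.
ntop_daemon_cmd() {
    printf '%s -d -L -u %s -P %s -w %s --skip-version-check --use-syslog=daemon\n' \
        "$NTOP_PREFIX/bin/ntop" "$NTOP_USER" "$NTOP_DB_DIR" "$NTOP_BIND"
}

install_deps() {
    yum install -y gcc gcc-c++ make libpcap libpcap-devel gdbm-devel \
        libgd-devel libpng-devel libtool libtool-libs rrdtool rrdtool-devel
}

fetch_and_build() {
    tarball=$(ntop_tarball "$NTOP_VERSION")
    cd "$BUILD_DIR"
    # -O fixes the output name; the /download URL redirects to a mirror.
    wget -O "$tarball" "$(ntop_download_url "$NTOP_VERSION")"
    tar -xzf "$tarball"
    cd "$(ntop_src_dir "$NTOP_VERSION")"
    ./autogen.sh          # also runs configure
    make
    make install
}

create_user_and_perms() {
    id "$NTOP_USER" >/dev/null 2>&1 || useradd -M -s /sbin/nologin -r "$NTOP_USER"
    # -R so the rrd/ subdirectory and the password db are writable by ntop too
    chown -R "$NTOP_USER":root "$NTOP_DB_DIR"
}

# Returns 0 when the web UI answers HTTP 200 on host:port given as $1.
ntop_web_up() {
    code=$(curl -s -o /dev/null -w '%{http_code}' "http://$1/" || true)
    [ "$code" = "200" ]
}

case "${1:-}" in
    install)
        install_deps
        fetch_and_build
        create_user_and_perms
        "$NTOP_PREFIX/bin/ntop" -A        # set the admin password interactively
        eval "$(ntop_daemon_cmd)"
        sleep 2
        ntop_web_up "$NTOP_BIND" && echo "ntop reachable at http://$NTOP_BIND/"
        ;;
esac
```

Run it as root with `sh install-ntop.sh install`; invoked without an argument it only defines the functions, which is what lets the individual pieces be tested. NTOP_BIND=0.0.0.0:3000 restores the page's listen-everywhere behaviour, but then the port must be firewalled because the admin password travels over plain HTTP.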
If you require help, contact SupportPRO Server Admin
