Thursday, October 25, 2007

HeX: Using Darkstat & Ntop

If you are using HeX, you can track your network statistic easily with the use of both darkstat and ntop, and here I will show you the simple way of doing it. Both darkstat and ntop are accessible through the right click menu -> NSM-Toolkit -> Session -> Darkstat or Ntop.

It is pretty straighforward to get darkstat to run -

shell>sudo darkstat -i lnc0 -b 127.0.0.1 -p 5555

To run ntop -

Set the admin password so that you can access to the web interface -

shell>sudo ntop -u nobody --set-admin-password=whatever

shell>sudo chmod 777 /var/db/ntop

In order to make it start on boot, I add this part to the file - /etc/rc.conf

ntop_enable="YES"
ntop_flags="-i lnc0 -w 127.0.0.1:3000 -d --use-syslog=daemon"

Then I start it -

shell>/usr/local/etc/rc.d/ntop start

Now you can access the web gui by typing this in your browser -

Darkstat
http://127.0.0.1:5555

Ntop
http://127.0.0.1:3000

If you are opening this via localhost, you may figure firefox browser won't be displaying the graphs properly even you have java script enabled in the browser, here's simple trick to fix it, just do -

shell>rm -rf ~/.mozilla/firefox

Restart your firefox and you are done.

Some screenies below -








I will continue to write the tips and tricks for the HeX liveCD, if you find any network security monitoring tools that listed in the menu you want to use but don't know how, feel free to email me and I will post the write up. In fact I'm thinking of doing screencast tutorial, let me know what do you guys think about that?

Enjoy (;])

2 comments:

Anonymous said...

Hi,
Have installed Hex and am trying to follow above. Assume it should say "sudo chmod 777 /var/db/ntop" because I get an error otherwise. However, at next step firefox doesnt find anything on either 127.0.0.1:5554 or port 3000.
Please advise how to check that service is running?

JS

Anonymous said...

try ps ax