Running ntopng and nDPI on MacOSX

Posted · Add Comment

On Mac OS X users expect simple tool packaging and installation. Initially we planned to distribute .dmg files containing our apps, but then we have decided that in order to support current and future OSX version more easily, this was not the way to go. For this reason we have added support for packaging systems such as HomeBrew (and soon) MacPorts (work is still ongoing but close to the end).

Today if you want to run ntopng and nDPI on your OSX box you have the option to:

  1. compile everything by hand (this is good for developers or those who want to use the code in SVN) as you would do on every Unix box.
  2. use homebrew to build the stable version of our tools in a matter of minutes.

The steps you need to follow are simple

  1. Install homebrew or update your existing installation as shown below.
    # brew update
    Checking out files: 100% (845/845), done.
    Updated Homebrew from 4b55aa57 to 0cb85ea5.
    ==> New Formulae
    argyll-cms	  datamash	    git-latexdiff     ipv6toolkit	libtins		  onepass	    stuntman	      volatility
    bokken		  dnsrend	    gnu-cobol	      jbake		makeself	  pianod	    sync_gateway      whitedb
    ccm		  doitlive	    golo	      jetty-runner	mighttpd2	  profanity	    syncthing	      yubico-piv-tool
    cmockery2	  espeak	    grsync	      ldc		ndpi		  qwtpolar	    terraform
    codequery	  fpc		    hachoir-metadata  librcsc		ntopng		  soccerwindow2	    transcrypt
    csfml		  freeswitch	    harbour	      libsecret		ocamlsdl	  ssdb		    ttylog
    cwm		  geographiclib	    ipinfo	      libstrophe	omega		  storm		    udpxy
    ==> Updated Formulae
    aamath			      cadaver			    ddate			  
    ....
    
  2. Build ntopng as follows (you can do the same for ndpi):
    # brew install ntopng
    ==> Downloading https://downloads.sf.net/project/machomebrew/Bottles/ntopng-1.2.1.mavericks.bottle.tar.gz
    ######################################################################## 100.0%
    ==> Pouring ntopng-1.2.1.mavericks.bottle.tar.gz
      /usr/local/Cellar/ntopng/1.2.1: 292 files, 6.4M
    # brew test ntopng
    Testing ntopng
    ==> /usr/local/Cellar/ntopng/1.2.1/bin/ntopng -h
    
  3. Now it is time to start ntopng:
    # sudo ntopng
    12/Sep/2014 08:32:34 [Ntop.cpp:586] Setting local networks to 192.168.1.0/24,0.0.0.0/32,224.0.0.0/8,239.0.0.0/8,255.255.255.255/32,127.0.0.0/8
    12/Sep/2014 08:32:34 [Redis.cpp:74] Successfully connected to Redis 127.0.0.1:6379
    12/Sep/2014 08:32:34 [PcapInterface.cpp:81] Reading packets from interface en0...
    12/Sep/2014 08:32:34 [Ntop.cpp:710] Registered interface en0 [id: 0]
    12/Sep/2014 08:32:34 [PcapInterface.cpp:81] Reading packets from interface en1...
    12/Sep/2014 08:32:34 [Ntop.cpp:710] Registered interface en1 [id: 1]
    12/Sep/2014 08:32:34 [PcapInterface.cpp:81] Reading packets from interface lo0...
    12/Sep/2014 08:32:34 [Ntop.cpp:710] Registered interface lo0 [id: 2]
    12/Sep/2014 08:32:34 [Utils.cpp:233] Privileges are not dropped as we're not superuser
    12/Sep/2014 08:32:34 [main.cpp:184] PID stored in file /var/tmp/ntopng.pid
    Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
    12/Sep/2014 08:32:34 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
    Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
    12/Sep/2014 08:32:34 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
    Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
    12/Sep/2014 08:32:34 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCity.dat
    Error Opening file /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCityv6.dat
    12/Sep/2014 08:32:34 [Geolocation.cpp:59] WARNING: Unable to read GeoIP database /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/GeoLiteCityv6.dat
    12/Sep/2014 08:32:34 [HTTPserver.cpp:351] HTTPS Disabled: missing SSL certificate /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/ssl/ntopng-cert.pem
    12/Sep/2014 08:32:34 [HTTPserver.cpp:352] Please read https://svn.ntop.org/svn/ntop/trunk/ntopng/README.SSL if you want to enable SSL.
    12/Sep/2014 08:32:34 [HTTPserver.cpp:389] Web server dirs [/usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs][/usr/local/Cellar/ntopng/1.2.1/share/ntopng/scripts]
    12/Sep/2014 08:32:34 [HTTPserver.cpp:392] HTTP server listening on port 3000
    12/Sep/2014 08:32:34 [main.cpp:232] Working directory: /var/tmp/ntopng
    12/Sep/2014 08:32:34 [main.cpp:234] Scripts/HTML pages directory: /usr/local/Cellar/ntopng/1.2.1/share/ntopng
    12/Sep/2014 08:32:34 [Ntop.cpp:206] Welcome to ntopng x86_64 v.1.2.1 (r1.2.1) - (C) 1998-14 ntop.org
    12/Sep/2014 08:32:34 [PeriodicActivities.cpp:53] Started periodic activities loop...
    12/Sep/2014 08:32:34 [RuntimePrefs.cpp:32] Dump alerts into syslog
    12/Sep/2014 08:32:34 [NetworkInterface.cpp:800] Started packet polling on interface en0 [id: 1]...
    12/Sep/2014 08:32:34 [NetworkInterface.cpp:800] Started packet polling on interface en1 [id: 3]...
    12/Sep/2014 08:32:34 [NetworkInterface.cpp:800] Started packet polling on interface lo0 [id: 5]...
    

     
    Note that if you want you can install the GeoIP dat files (for geolocating hosts) by downloading them

    # cd /usr/local/Cellar/ntopng/1.2.1/share/ntopng/httpdocs/geoip/
    # wget -nc http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
    # wget -nc http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz
    # wget -nc http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
    # wget -nc http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz
    # gunzip *.dat.gz

Time to enjoy ntopng (and nDPI) on Mac OSX!