wget http://apt-stable.ntop.org/wheezy/all/apt-ntop-stable.deb
dpkg -i apt-ntop-stable.deb
grep -q "wheezy-backports" /etc/apt/sources.list || echo "deb http://ftp.debian.org/debian wheezy-backports main" >> /etc/apt/sources.list
 
apt-get clean all
apt-get update

apt-get install redis-server rrdtool libssl-dev
apt-get install pfring nprobe ntopng ntopng-data n2disk cento

ntopng.conf

# /etc/ntopng/ntopng.conf
#
#        The  configuration  file is similar to the command line, with the exception that an equal
#        sign '=' must be used between key and value. Example:  -i=p1p2  or  --interface=p1p2  For
#        options with no value (e.g. -v) the equal is also necessary. Example: "-v=" must be used.
#
#
#       -G|--pid-path
#        Specifies the path where the PID (process ID) is saved.
#
--pid-path=/var/run/ntopng.pid
#
#       -e|--daemon
#        This  parameter  causes ntop to become a daemon, i.e. a task which runs in the background
#        without connection to a specific terminal. To use ntop other than as a casual  monitoring
#        tool, you probably will want to use this option.
#
--daemon
#
#       -i|--interface
#        Specifies  the  network  interface or collector endpoint to be used by ntopng for network
#        monitoring. On Unix you can specify both the interface name  (e.g.  lo)  or  the  numeric
#        interface id as shown by ntopng -h. On Windows you must use the interface number instead.
#        Note that you can specify -i multiple times in order to instruct ntopng to create  multi‐
#        ple interfaces.
#
--interface=eth0
--interface=eth1
#
#       -w|--http-port
#        Sets the HTTP port of the embedded web server.
#
--http-port=3000
#
#       -W|--https-port
#       HTTPS. See usage of -w above. Default: 3001
#
#--https-port=3001
#
#       -m|--local-networks
#        ntopng determines the ip addresses and netmasks for each active interface. Any traffic on
#        those  networks  is considered local. This parameter allows the user to define additional
#        networks and subnetworks whose traffic is also considered local in  ntopng  reports.  All
#        other hosts are considered remote. If not specified the default is set to 192.168.1.0/24.
#
#        Commas  separate  multiple  network  values.  Both netmask and CIDR notation may be used,
#        even mixed together, for instance "131.114.21.0/24,10.0.0.0/255.0.0.0".
#
--local-networks=192.168.1.0/24,192.168.2.0/24,127.0.0.0/8
#
#       -n|--dns-mode
#        Sets the DNS address resolution mode: 0 - Decode DNS responses  and  resolve  only  local
#        (-m)  numeric  IPs  1  -  Decode DNS responses and resolve all numeric IPs 2 - Decode DNS
#        responses and don't resolve numeric IPs 3 - Don't decode DNS responses and don't  resolve
#
--dns-mode=1
#
#       -S|--sticky-hosts
#        ntopng  periodically purges idle hosts. With this option you can modify this behaviour by
#        telling ntopng not to purge the hosts specified by -S. This parameter requires  an  argu‐
#        ment  that  can  be  "all"  (Keep  all hosts in memory), "local" (Keep only local hosts),
#        "remote" (Keep only remote hosts), "none" (Flush hosts when idle).
#
--sticky-hosts=local
#
#       -d|--data-dir
#        Specifies the data directory (it must be writable). Default directory is ./data
#
--data-dir=/var/tmp/ntopng
#
#       -q|--disable-autologout
#        Disable web interface logout for inactivity.
#
--disable-autologout
#                                                                                                                       
#       -l|--disable-login
#       Disable user login authentication
#       0 - Disable login only for localhost
#       1 - Disable login only for all hosts
#
--disable-login=1
#
#       --community
#       Start ntopng in community edition (debug only).
#
--community

/etc/init.d/ntopng

...
start_ntopng() {
    ethtool -K p4p1 gro off gso off tso off
...

/etc/init.d/ntopng start