Announcing ntopng 2.4: Efficiency is Beauty


At ntop we are on a mission to develop enterprise-grade networking software, mostly open-source, and free of charge for non-profit/research organizations. Since our inception, we have been passionately and resiliently developing software to allow our users to monitor, protect, and preserve their network infrastructure. And we have been doing this in a relentless pursuit of the best and most efficient solution. We know that in the big-data era it is becoming increasingly easy to “add an extra appliance” — after all, it’s not that expensive — but this is not at the heart of our philosophy.

At the heart of our philosophy lies the belief that efficiency is beauty. Software must be light, optimized, and scalable enough to run on commodity hardware, making “add an extra appliance” a last resort. We believe that providing lighter, faster, and more scalable network monitoring software is the best way to deliver value to our users. We believe that such software is the catalyst for deploying enterprise-grade monitoring solutions at a fraction of the cost that would have come with conventional deployments. Software that can run seamlessly on top of commodity hardware, or even on virtual machines.

These beliefs have guided us through years of growth and innovation. During those years we released an interesting number of successful software products. ntopng is one of the most widely known tools we have developed so far. Its journey began many years ago under the name of ntop. The new generation status, ng, was earned a couple of years ago, when Luca Deri re-designed and re-implemented it ex-novo. Luca’s decision to entirely re-code the software was driven by the necessity to provide a modular, modern tool that could exploit the most recent web/scripting technologies. After months of intense coding ntopng was ready, and it turned out to be an exceptionally modular piece of software composed of a heavy-lifting C/C++ core that interacts with Lua and JavaScript to present results to the user via an intuitive web interface.

We have released many ntopng versions since then, each one with interesting improvements and significant new features. Today, we are proud to announce ntopng version 2.4.

This is version 2.4 from a feature perspective:

  • Memory-management, stability and speed have been fundamentally improved
  • We have kept an eye on security and hardened the code to prevent privilege escalation and XSS
  • Alerts have been extended to include support for
    • Re-arming to avoid raising trains of identical alerts in short periods of time
    • Alert propagation to the infrastructure monitoring software Nagios
    • CIDR-based triggers to monitor the behavior of whole networks
    • The detection of suspicious probing attempts
  • Netfilter support has been added together with optional packet dropping features
  • Routing visibility is now possible through RIPE RIS
  • Availability of fine-grained historical data drill-down features, including top talkers, top applications, and interactions between hosts (more details here)
  • Integrations with other software
    • LDAP authentication support
    • Alert forwarding/withdrawal to Nagios
    • nBox integration to request full packet pcaps of monitored flows
    • Data export to Apache Kafka
  • We have extended and improved traffic monitoring
    • Visibility of TCP sessions throughput estimations and state breakdown (e.g., connections established, connections reset, etc.)
    • Goodput monitoring
    • Trend detection
    • Highlighting of low-goodput flows and hosts
    • Visibility of hosts’ top-visited sites
  • Built-in support is now included for
    • GRE detunnelling
    • Per-VLAN historical statistics
    • ICMP and ICMPv6 dissection
  • We have extended the set of supported OSes to include: Ubuntu 16, Debian 7, EdgeOS
  • There is also optional support for host categorization via the flashstart.it service

We encourage you to play with ntopng version 2.4. Review it, test it out, open an issue on GitHub, or send us an email. Binary packages are available for many distributions including CentOS 6 and CentOS 7, Debian jessie and wheezy, Ubuntu 12/14/16, Raspbian and Windows. If you are more interested in the source code, then you should visit our GitHub page.