Flow-based Monitoring


NetFlow and sFlow are the two industry standard for flow-based traffic Monitoring. You can use both ntop and nProbe for this purpose as they both support those protocols.

ntop


ntop can act as a flow collector. In order to activate it, it is necessary to create a virtual interface and send flows to it. You can do that in the menu Admin -> Plugins -> NetFlow (or sFlow) plugin, as depicted below.

 

nProbe


nProbe can act as:

  1. Pure NetFlow/IPFIX Probe
    In this case nProbe captures packets from a network interface and turns them into flows.

  2. Both Probe and Collector
    While capturing packets, turning into flows, and exporting them towards a list of collectors, nProbe can also collect flows sent by remote probes and add them to the flow cache.

  3. Flow Proxy
    It can collect flows and turn them into another format. For instance it can collect sFlow or NetFlow v5 flows and export them in IPFIX format towards a flow collector.

  4. Pure Flow Collector
    It receives sFlow/NetFlow/IPFIX flows and dump them on disk or database

On a nutshell with nProbe all the possible combinations are supported You can also feed ntop with flows, in order to preprocess traffic and thus reduce load on ntop.