Say hello to ntopng 2.0

Posted · Add Comment

After 9 months of development, we are pleased to announce the release of ntopng 2.0. This is a major release as we have reworked many application components and made the application robust and usable by mid/large companies and ISPs. We have created two versions of ntopng:

  • Community edition: this is the standard ntopng that you can use free of charge and that implements a robust and easy to use web-based traffic monitoring application.
  • Professional edition: an enhanced version of ntopng that includes modern reports and many new features listed below on this article. This edition is available at a little free that we can use to hire people to better serve all the ntop community. Note that we have created a cheap embedded/professional edition of ntopng usable on ARM-based (e.g. Raspberry PI and BeagleBoard) and MIPS-based (e.g. Ubiquity Networks EdgeRouter) boxes.

As of ntopng 2.0, the binary Windows version of the ntopng community (remember that the code base is the same for Unix and Windows) is free of charge: we want ntopng to be pervasive across platforms. All binary packages are work in professional edition for 10 minutes, and then switch back to the community edition: this allows you to see what is different in the professional edition.

The main new features of ntopng 2.0 include:

Professional Edition

  • Dynamic dashboard that includes a realtime view of traffic.
  • PDF-printable reports including top hosts/activities/protocols.
  • Ability to operate in inline mode and thus implement a layer-7 firewall (even on low-end embedded boxes) and traffic shaper (yes we can drop traffic and assign to hosts a bandwidth to avoid them to monopolise the traffic).
  • All graphs are rendered in a pretty way with zoomable (in and out) drill-down facility.
  • Per-minute accurate reports (in JSON format) of top X activities so that users can use them to generate further traffic reports in addition to all those included in the pro version.
  • Added SNMP support for visualising MIB-II host information through the ntopng web interface.

Community Edition

  • Moved the code to GitHub for easier collaboration.
  • Fixed several bugs present in the previous version.
  • Added continuous testing tools (Travis-CI) and automatic regression testing (via Travis) for improving code quality.
  • Added ability to aggregate traffic from various network interfaces on the same interface view while keeping interface traffic split. Example ntopng -i eth1, -i eth2 -i view:eth1,eth2
  • Added support for the latest nDPI that includes support for various new protocols (e.g. QUIC) and new versions of existing ones (e.g. Skype). nDPI is also used to drop application traffic in the professional noting edition.
  • Hardened the code to support mid/large organisations and high traffic volumes, as well for operating on hosts with little memory.
  • Added network latency in flows (server vs client network latency).
  • Added flow TCP traffic statistics (packets retransmitted, lost, and out of order).
  • Enhanced HTML code to render better on devices of various sizes.
  • Enhanced host alerts (including traffic quotas) and added interface alerts. You can now for instance generate traffic alerts when an interface has too much traffic or if a host has passed its daily traffic quota.
  • Ability to sniff from netfilter interfaces
  • Improvements on OS detection of remote hosts.
  • Alerts are now generated when ntopng detects a flooder or a network scanner (as well when accessing malware sites [-c plugin])
  • Integration of ntopng with nagios: you can now create nagios plugins to query ntopng and thus emit alerts based not traffic conditions.
  • Ability to categorise malware (-c option) using the Google Safe Browsing API that replaces the service present in ntopng 1.x.
  • Packaging for Intel, ARM and MIPS platforms.
  • Added ability to fine-tune RRD configurations.
  • Added ability to generate a traffic report for all hosted HTTP servers (on local networks): ISPs can now create a hourly report of all the thousand of servers they are hosting.
  • Ability to work behind an HTTP reverse proxy.
  • Enhanced the ElasticSearch export facility to cope with latest additions such as host geolocation.
  • Added support for NUMA core affinity.
  • Enhanced host GeoIP location.
  • Various fixes to the historical network interface.
  • Added reports per AS, geo-location, network, HTTP servers.
  • Added per-network RRDs.
  • Fixed various bugs including a memory leak that was slowly exhausting memory.
  • Added several fixes for enhancing security and preventing ntopng to be misused (from the security point of view).
  • Added ability to disable HTTP authentication (partially or fully).
  • ntopng can now be queries via HTTP tools such as curl or wget with authentication enabled.
  • Added ability to dump specific traffic (e.g. of a selected host) or when specific traffic conditions arise (e.g. too much traffic) on a tap interface and attach applications such as Wireshark/tcpdump to it. Similarly added ability to dump traffic to disk in pcap format.
  • Added HTTP virtual hosts support in HTML reports.
  • Added ability to send data in Lua using UDP (for instance you can use it for exporting metrics to Graphite).
  • Added experimental InfluxDB export (disabled by default as ‘as of today’ InfluxDB is not yet production ready).

Please do not forget to star ntopng on github if you like this project!