Guides

Announce

Introducing ntopng Policy Menu
In the past months we have extended our behaviour analysis introducing new features such as the ACL or device policies. For this reason we have rearranged the menus and create a new Policy menu (you can read more here) that contains all the configurations used by ntopng to trigger alerts. Sue to this, some pages have been moved and changed location. Below you can find the list of the moved pages and how to access them now: Server Ports (Previously, Server Ports Analysis): Previously in the Host entry, moved to …
Features

Using Traffic Rules To Supervise Network Traffic
The Problem Let’s assume that you have a Network where local hosts generate a constant amount of traffic. How do you find if they are misbehaving? It happens that some local host starts behaving strangely, by having an abnormal amount of traffic (sent or received) with respect to their recent past: how can you spot these situations and report them with an alert. This is why we have created the Local Traffic Rules page: users can now define custom Volume/Throughput threshold for some (or all) local hosts. You can also …
Guides

ntopng, InfluxDB and Grafana: A Step-By-Step Guide to Create Dashboards
Creating Grafana dashboards out of ntopng data basically boils down to: Configuring ntopng to export timeseries data to InfluxDB Configuring the Grafana InfluxDB datasource to extract timeseries data from InfluxDB Adding Grafana Dashboards panels with ntopng data This post aims at covering the topics above to serve as reference for those who want to create Grafana dashboards. Configuring ntopng to Export Timeseries Data to InfluxDB To configure ntopng to export timeseries data to InfluxDB, visit the ntopng Timeseries preferences page, and pick InfluxDB as driver. Then, it suffices to configure …
Guides

Best Practices for the Collection of Flows with ntopng and nProbe
ntopng can be used to visualize traffic data that has been generated or collected by nProbe. Using ntopng with nProbe is convenient in several scenarios, including: The visualization of NetFlow/sFlow data originated by routers, switches, and network devices in general. In this scenario, nProbe collects and parse NetFlow/sFlow traffic from the devices, and send the resulting flows to ntopng for the visualization. The monitoring of physical network interfaces that are attached to remote systems. In this scenario, ntopng cannot directly monitor network interfaces nor it can see their packets. One …
Guides

PF_RING and Network Namespaces
Last week we made a couple of presentations at LinuxLab 2017 where we spoke about Containers, focusing on Network Namespaces support in PF_RING, and User and IoT-oriented Network Traffic Monitoring on Embedded Devices. With the advent of Containers, processes isolation has become extremely easy and effective, to the point that ordinary Virtual Machines have been reconsidered. Many ntop users today are running traffic monitoring applications in Docker, thus it’s important to understand how Containers work and how to make the best use of them. Network isolation is provided by Network Namespaces, a native feature of the …
Guides

When Live is not Enough: Connecting ntopng and nProbe via MySQL for Historical Flows Exploration
Using nProbe in combination with ntopng is a common practice. The benefits of this combination are manyfold and include: A complete decoupling of monitoring activities (taking place on the nProbe) from visualization tasks (taking place on ntopng); The capability of building distributed deployments where multiple (remote) nProbe instances send monitored data towards one or more ntopng instances for visualization; A comprehensive support for the collection, harmonization and visualization of heterogeneous flow export protocols and technologies, including NetFlow V5/v9/V10 IPFIX and sFlow; Full support for any proprietary technology that sends custom …
Guides

Filling the Pipe: Exporting ntopng Flows to Logstash
Logstash comes in very handy when it is necessary to manipulate or augment data before the actual consolidation. Typical examples of augmentation include IP address to customer ID mappings and geolocation, just to name a few. ntopng natively supports network flows export to Logstash. The following video tutorial demonstrates this feature. …
Guides

Best Practices for Efficiently Running ntopng
The default ntopng configuration, is suitable for most of our users who deploy it on a home network or small enterprise network (typically a /24 network) with link speed <= 100 Mbit. This does NOT mean that ntopng cannot operate on faster/larger networks, but that it cannot be used without any configuration. The first thing to modify are the -x/-X settings. You need to set them to double the max size you expect on your network. Example if you expect to have (including both local and remote hosts) at most …
Guides

Tweaking MySQL to Improve ntopng Flows Storage Space Usage
Edit: MySQL tables engine has been migrated to MyISAM in ntopng 2.4 so this post only applies for versions <= 2.3. This is the first post that tries to give hints on how to tweak MySQL settings to better accomodate flows exported by ntopng. In particular, in this post it is discussed how to improve disk space usage. Hopefully, a series of posts with tips and tricks on how to improve responsiveness and reduce query time will be published in the future. ntopng  MySQL flow export can be enabled using …
Guides

How to Analyse MikroTik Traffic Using ntopng
MikroTik routers are pretty popular in particular in the wireless community and many users of the original ntop are familiar with it. With the advent of ntopng, we have decided to avoid natively supporting netflow in ntopng due to the many “dialects” a of the protocol and leave to nProbe the task to do the conversion of flows onto something ntopng can understand. For this reason the workflow is the one depicted below: The first thing to do is to configure NetFlow (both v5 and v9 are used) on the MikroTik that cane …
Features

Exploring Historical Data Using ntopng: Part 2
ntopng is able to deliver monitored traffic flows data to a MySQL server. We have already discussed how to configure ntopng to deliver this data in another blog post. In this article we discuss the new features that allow you to dig deep into the flows dumped to MySQL using the ntopng web GUI. Earlier ntopng releases didn’t allow for thorough historical analyses and were only giving access to recorded flows and providing limited sorting features. With the advances made in the latest ntopng Pro Small Business it is possible to drill-down historical …
Guides

Monitoring BitTorrent Traffic with ntopng
ntopng has been designed not just for network administrators, but also for small companies and in particular for families. How often you have seen traffic on your network that you did not expect and you asked yourself what was that about. A good example is BitTorrent traffic that can be used for efficiently downloading files and not just for copyright-protected content (unfortunately this is how this protocol is usually perceived by the network community). If you are wondering what your colleagues/children are downloading using BitTorrent, now ntopng can help you. In the latest …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe