ntopng

ntopng

Network Device Discovery. Part 1: Active Discovery
Since its introduction in 1998, ntop(ng) has been a pure (well beside DNS address resolution if enabled) passive network monitoring tool. Recently we have complemented it with active device discovery in order to find out if there are silent devices in our network, and what services/OS our devices are featuring. In this article we will analyze how active discovery works, leaving to a future article the analysis of passive discovery. Active discovery can be started on demand from the menu     or from the network preferences to enable periodic …
ntopng

ntopng Grafana Integration: The Beauty of Data Visualizazion
Disclaimer This article is outdated: please see this document for using ntopng with grafana Summary Grafana is one of the most widely known platforms for metrics monitoring (and alerting); ntopng version 3.1 natively integrates with Grafana thanks to a datasource plugin which is freely available; This article explains how to install and configure the ntopng datasource plugin, and how to build a dashboard for the visualization of ntopng-generated metrics. A video tutorial is available as well: Introduction Grafana is an open platform for analytics and visualization. An extremely-well engineered architecture makes …
ntopng

Announcing ntopng and Grafana Integration
Disclaimer This article is outdated: please see this document for using ntopng with grafana This is to announce the release of the ntopng Grafana datasource that you can find on the grafana website. Using this plugin you can create a Grafana dashboard that fetches data from ntopng in a matter of clicks. To set up the datasource visit Grafana Datasources page and select the green button Add a datasource. Select ntopng as the datasource Type in the page that opens. The HTTP url must point to a running ntopng instance, …
Guides

When Live is not Enough: Connecting ntopng and nProbe via MySQL for Historical Flows Exploration
Using nProbe in combination with ntopng is a common practice. The benefits of this combination are manyfold and include: A complete decoupling of monitoring activities (taking place on the nProbe) from visualization tasks (taking place on ntopng); The capability of building distributed deployments where multiple (remote) nProbe instances send monitored data towards one or more ntopng instances for visualization; A comprehensive support for the collection, harmonization and visualization of heterogeneous flow export protocols and technologies, including NetFlow V5/v9/V10 IPFIX and sFlow; Full support for any proprietary technology that sends custom …
ntopng

How to use ntopng for Realtime Traffic Analysis on Fritz!Box Routers
Fritz!Box routers are popular devices that many people use to connect to the Internet. Inside these routers there is a hidden (i.e. not accessible from the router web admin page, but that you access directly with a web browser by writing the whole URL) URL http://192.168.2.1/html/capture.html (BTW replace the 192.168.2.1 IP address with your Fritz!Box router IP if you have changed it) that can be used to dump router traffic in pcap format. While pcaps are good for troubleshooting, most people need to know what is happening on their network in realtime, …
ntopng

Integrating ntopng with Grafana
Last week the NYC Metrics and Monitoring meetup invited ntop to give a talk. The topic was how to open ntopng so that it can become a gateway for producing network metrics that could be used by popular applications and frameworks such as Snap-io, Prometheus or Influx. The first result of this activity is the integration of ntopng with Grafana that we plan to complete in July. Here you can see the presentation slides  where you can have an idea of the work we’re doing. If you are interested in using …
ntopng

Introducing ntopng 3.0
If you have enjoyed ntopng 2.x, we believe you will like 3.0 even more as we have worked for almost one year to this release. We have modified many things, improved security in ntopng (in the cybersecurity days this is the least we could do), added layer 2 visibility, improved metrics calculations, added alerts support (even on the go), improved significantly the Windows version (yes Win 10 is supported out of the box), improved performance, reworked the GUI in many aspects, improved significantly the inline traffic mode, improved FreeBSD support. As …
ntopng

Detecting and Fighting Ransomware Using ntopng (yes including WannaCry)
These days many people are talking about ransomware and in particular of the problems created by WannaCry. Some ntop users contacted us asking if they could use our tools for detecting and stopping ransomware. While the best solution to these issues is to properly implement network security (that is a process, not a product in our opinion) by designing the network properly and keeping hosts updated,  it is usually possible to use ntopng to detect infections, block most of them, and have a list of hosts that might have been …
ntopng

Monitoring Network Devices with ntopng and SNMP
Summary SNMP is widely used for network monitoring. Being able to remotely monitor network devices is fundamental to have a clear picture of present and past network health. ntopng systematically interacts with SNMP devices to provide historical and real-time insights on the network. ntopng SNMP support Simple Network Management Protocol (SNMP) is one of the de-facto standards used to remotely monitor network devices such as routers, switches and servers, just to name a few. With ntopng Enterprise it is possible to consistently and programmatically interact with those devices to have a real-time view …
ntopng

Network Security Analysis Using ntopng
Most security-oriented traffic analysts rely on IDSs such as Bro or Suricata for network security. While we believe that they are good solutions, we have a different opinion on this subject. In fact we believe that it is possible to use network traffic monitoring tools like ntopng to spot many security issues that would make and IDS too complex/heavy to use (if possible at all). What many of our users are asking, is the ability to highlight possible scenarios where there is a potential security issue to be analysed more in …
Guides

Filling the Pipe: Exporting ntopng Flows to Logstash
Logstash comes in very handy when it is necessary to manipulate or augment data before the actual consolidation. Typical examples of augmentation include IP address to customer ID mappings and geolocation, just to name a few. ntopng natively supports network flows export to Logstash. The following video tutorial demonstrates this feature. …
ntopng

Clustering Network Devices using ntopng Host Pools
In computer networks, devices are identified by an IP and a MAC. The IP can be dynamically assigned (so it might not be persistent), whereas the MAC is (in theory) unique and persistent for identifying a device. Non-technical users, do not know these low-level details, and in general it makes sense to cluster devices using other criteria. VLANs are a way to logically group devices belonging to the same administrative domain, but this is still a low-level network-level properly. When administering a network, we have have realised that we need …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe