ntopng

nEdge

Released ntopng 6.4: More Insightful Than Ever

We’re excited to announce ntopng 6.4, a new stable release and a feature-packed update with a strong focus on asset visibility and QoE monitoring. This version introduces groundbreaking new dashboards, advanced reporting, better alerting, and a lot of improvements to keep your network monitoring efficient and insightful. Breakthroughs: Asset Inventory & Digital Twin Dashboard: Visualize your infrastructure like never before. The new dashboard provides a clear inventory of network assets with their virtual representations. Infrastructure Dashboard: Manage multi-region deployments with a bird’s-eye view of your infrastructure and performance across distributed environments. Autonomous Systems …
ntopng

HowTo Use Host Policy to Detect Misbehaving Hosts

ntopng has several ways to spot unusual traffic patterns, like: Checking if a device is behaving strangely. Sending alerts when a threshold is reached. Looking for changes in traffic metrics (like how much traffic is coming from a particular host). Seeing if host services change. To make these checks even better, ntopng added a new flow behavioral check called “Host Policy.” The idea is simple: there are some special devices on a network, like routers, switches, printers, and other non-general-purpose devices, that shouldn’t send traffic to the Internet. Except for …
Announce

Introducing the New Infrastructure Dashboard in ntopng

For this reason, some time ago we introduced the Infrastructure Monitoring in ntopng, as described in a previous blog post, which is the ability to use ntopng to monitor other ntopng instances, by means of its Active Monitoring capabilities. This infrastructure monitoring feature allows users to gain real-time insights into the status of their ntopng instances, as well as monitor the network interconnecting them. Now, we are excited to introduce a further extension to the Infrastructure Monitoring in ntopng, the new Infrastructure Dashboard. This enhancement enables users to efficiently oversee multiple …
ntopng

9 Reasons You Should Use Ntopng on Your Raspberry Pi

XDA has published an interesting article about ntopng on the Raspberry Pi. In particular: learn and experiment with networking; it’s a low-power solution; it integrates with other network tools (e.g. Zabbix or Nagios); optimize your home network traffic; analyze historical network data; manage bandwidth and QoS settings; capture and analyze network packets (via nDPI); detect unauthorized devices and threats; check network activity from anywhere. Do you agree? Enjoy! …
ntopng

Using ntopng as Generic Flow Collector (log files, firewall events, MQTT…)

Most users of our community use ntopng as a flow (sFlow/NetFlow/IPFIX) collector with ntop tools such as nProbe or nProbe Cento. From time to time we receive inquiries about using it as a generic flow collector, for instance reading connection information from the firewall, log files/syslog, MQTT, or cloud formats. This blog post shows you how to do that. ntopng can collect information via ZMQ, so the simplest mechanism is to export data on top of this protocol. ntopng accepts two formats implemented by the nDPI serialization library: binary TLV (all versions) JSON …
Announce

Introducing ntopng Policy Menu

In the past months we have extended our behaviour analysis, introducing new features such as the ACL or device policies. For this reason we have rearranged the menus and created a new Policy menu (you can read more here) that contains all the configurations used by ntopng to trigger alerts. Due to this, some pages have been moved and changed location. Below you can find the list of the moved pages and how to access them now: Server Ports (Previously, Server Ports Analysis): Previously in the Host entry, moved to …
ntop

HowTo Monitor Router Interfaces Congestion Using SNMP

Sometimes it happens that your router is congested, and you ask yourself “How is it possible?” or “Who is responsible for congesting the network?” or “Which router/port is congested?”. You could simply answer the last question by using the SNMP/Flow Exporters Usage: HowTo Monitor SNMP Interfaces Utilisation and Congestion Rate; but what about the other two? Let’s start by looking at SNMP. As explained in the previous post, if SNMP is enabled on the routers/switches, using ntopng it is possible to figure out if an interface is congested. On the …
ntopng

Introducing ntopng Hosts Activity Monitor

Many users asked us for a simple way to visualise host activity over time: in essence, the ability to answer questions like: What hosts were active during the weekend? When is a host using most of the network? What hosts were active when a certain event happened? This is what the hosts activity monitor does. In the dev branch, ntopng has been enhanced with a new menu entry under the hosts page that shows the activity of local hosts in a heatmap. From the menubar it is possible to specify an arbitrary …
Cybersecurity

Can ntopng be considered an IDS (Intrusion Detection System) ?

ntopng is not typically classified as an Intrusion Detection System (IDS) in the traditional sense, but it does have some features that overlap with IDS functionalities. Let me explain the differences and how ntopng might serve a similar role: What is ntopng? ntopng is an open-source network traffic monitoring tool that provides visibility into network traffic and performance. It is primarily used for: Network Monitoring: Tracking traffic flows, bandwidth usage, and the behaviour of network devices. Traffic Analysis: Deep Packet Inspection (DPI) based on nDPI to analyse protocols, applications, and …
nProbe

HowTo Configure Flow Collection in nProbe and ntopng

In flow (sFlow/NetFlow/IPFIX) collection, nProbe acts as a “flow processor” for ntopng. nProbe is responsible for sending flows to ntopng after they have been processed, which includes: Probe mode: nProbe captures network packets that are converted into flows that are then exported to ntopng. Collection mode: nProbe collects flows produced by a probe such as a router. Flow normalization: the process of converting flows to a format that ntopng can understand. This happens if flow exporter devices (e.g. a router) use custom information elements. In addition nProbe takes care …
ntopng

How Historical Flows Replay Works

ntop users who have enabled ClickHouse know that they can search/aggregate/export historical flows and create customized reports. However, in the past months some of our users were uncomfortable with this approach, as they preferred to seamlessly analyze historical data as if it were live, with the full power of ntopng. In the latest ntopng version we have added a new “play” button shown in the picture below. In order to use this new feature, you need to: Select the time span you are interested in (e.g. the last hour) Optionally you can set …
ntopng

Say Hello to ntopng 6.2: Mitre Att&ck, -60% Memory Usage, Historical Flows Replay, Revamped UI, Remediations, Cloud

We’re happy to announce ntopng 6.2, the result of a 10-month development cycle. We have changed a few things in the UI and under the hood. Many pages, such as the flow page, have been rewritten from scratch for responsiveness and usability. Mitre Att&ck has been integrated in alerts, flow risks and dashboards. As you can see, we have now implemented a remediation column that shows you some remediation actions to prevent specific issues from appearing again in the future. ntopng 6.2 uses 60% less memory with respect to 6.0 as already discussed …