ntopng

ntopng

Using ntopng as Generic Flow Collector (log files, firewall events, MQTT…)
Most users of our community use ntopng as flow (sFlow/NetFlow/IPFIX) collector with ntop tools such as nProbe or nProbe Cento. From time to time we receive inquiries about using it as generic flow collector for instance reading connection information from the firewall, log files/syslog, MQTT, or cloud formats. This blog post shows you howto do that, ntopng can collect information via ZMQ, so the simplest mechanism is to export data on top of this protocol. ntopng accepts two formats implemented by the nDPI serialization library: binary TLV (all versions) JSON …
Announce

Introducing ntopng Policy Menu
In the past months we have extended our behaviour analysis introducing new features such as the ACL or device policies. For this reason we have rearranged the menus and create a new Policy menu (you can read more here) that contains all the configurations used by ntopng to trigger alerts. Sue to this, some pages have been moved and changed location. Below you can find the list of the moved pages and how to access them now: Server Ports (Previously, Server Ports Analysis): Previously in the Host entry, moved to …
ntop

HowTo Monitor Router Interfaces Congestion Using SNMP
Sometimes it happens that your router is congested, and you ask yourself “How is it possible?” or “Who is responsible for congesting the network?” or “Which router/port is congested?”. You could simply answer the last question by using the SNMP/Flow Exporters Usage: HowTo Monitor SNMP Interfaces Utilisation and Congestion Rate; but what about the other two? Let’s start by looking at SNMP. As explained in the previous post, if SNMP is enabled on the routers/switches, using ntopng it is possible to figure out if an interface is congested. On the …
ntopng

Introducing ntopng Hosts Activity Monitor
Many users requested us a simple way to visualise hosts activity overtime. In essence have the ability to answer questions like: What hosts were active during the week-end When a host is using most of the network. What hosts were active when a certain event happened. This is what hosts activity monitor does. In the dev branch, ntopng has been enhanced with a new menu entry under the hosts page, that shows in a heatmap the activity of local hosts. From the menubar it is possible to specify an arbitrary …
Cybersecurity

Can ntopng be considered an IDS (Intrusion Detection System) ?
ntopng is not typically classified as an Intrusion Detection System (IDS) in the traditional sense, but it does have some features that overlap with IDS functionalities. Let me explain the differences and how ntopng might serve a similar role: What is ntopng? ntopng is an open-source network traffic monitoring tool that provides visibility into network traffic and performance. It is primarily used for: Network Monitoring: Tracking traffic flows, bandwidth usage, and the behaviour of network devices. Traffic Analysis: Deep Packet Inspection (DPI) based on nDPI to analyse protocols, applications, and …
nProbe

HowTo Configure Flow Collection in nProbe and ntopng
In flow (sFlow/NetFlow/IPFIX) collection, nProbe acts as a “flow processor” for ntopng . nProbe is responsible for sending ntopng flows after they have been processed that includes Probe mode. nProbe captures network packets that are converted into flows that are then exported to ntopng. Collection mode. nProbe collects flows produced by a probe such as a router. Flow normalization that is the process of converting flows on a format that ntopng can understand. This happens if flow exporter devices (e.g. a router) use custom information elements. In addition nProbe takes care …
ntopng

How Historical Flows Replay Works
ntop users who have enabled ClickHouse, know that they can search/aggregate/export historical flows and create customized reports. However, in the past months some of our users were uncomfortable of this approach as they preferred to seamlessly analyze historical as live data with the full power of ntopng. In the latest ntopng version we have added a new “play” button shown in the picture below. In order to use this new feature, you need to: Select the time span you are interested in (e.g. the last hour) Optionally you can set …
ntopng

Say Hello to ntopng 6.2: Mitre Att&ck, -60% Memory Usage, Historical Flows Replay, Revamped UI, Remediations, Cloud
We’re happy to announce ntopng 6.2, a 10 months long development cycle. We have changed a few things in the UI and under the hood. Many pages as the flow page have been rewritten from scratch for responsiveness and usability Mitre Att&ck has been integrated in alerts, flow risks and  dashboards.As you can see we now have implemented a remediation column that shows you some remediation actions to avoid specific issues to appear again in the future. ntopng 6.2 uses -60% of memory woth respect to 6.0 as already discussed …
ntopng

HowTo Extend ntopng with new Host/Flow Checks and Alerts
ntopng can be easily extended with new host/flow checks and alerts. They are developed in C++ with a few Lua files used by the UI to configure the check and format the emitted alerts. In order to introduce you to thir development, we have written a short guide that shows you step-by-step how to develop a simple check and alert. If you want you can see a code example of host check that rtiggers an alert when a server contacted a new port after a learning period. If you have …
ntopng

HowTo Export ntopng Alarms to Checkmk Event Console
Checkmk is a popular platform for monitoring IT infrastructure. ntopng has been integrated in Checkmk some time ago, enabling users to provide traffic visibility in additional to classic bytes/packets metrics. As ntopng is able to produce traffic alerts that, we have decided to extend ntopng in order to export alert information towards Checkmk event console where alerts are received.This guide will walk you through configuring ntopng and Checkmk to enable this functionality. In order to do so, within ntopng, it’s necessary to configure a new Endpoints as well as a …
ntopng

Extended Multilanguage Support in ntopng: Korean, Spanish and French
This is to announce that ntopng now enables users to use a new languages: Korean, Spanish and French.  We have also improved translations of German and Italian. The translation is done using an automatic tool so, we cannot guarantee that the translation is completely correct. Error or typos are accepted as a GitHub issue: please open a ticket if you find problems. To change language click on the top right icon in ntopng and enter in the admin page A popup will open, select language and a list of available …
ntop

InfluxDB v2 support in ntopng is Now (partially) Available
It’s been 3 years since InfluxDB v.2 was released and until a couple of months ago we didn’t plan to add the support to the InfluxDB v.2 due to many reasons: migration from SQL to Flux query language, v2 performance not better than v1. The in the meantime InfluxData release InfluxDB v3 that is currently only supported on their cloud and not yet packaged as on-prem product. However due to the more pressing requests and suggestions from our customers we finally decided to add the support as follows: as InfluxDB …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe