ntopng

HowTo Monitor Traffic in SMEs and Home Networks: A Primer

In the first part of this series of articles we focused on monitoring ISP and MSP traffic. Today we analyse network traffic in SMEs and home networks. The typical network layout of a home or a small business is depicted below. The ISP provides a router for connecting to the Internet (e.g. xDSL or fibre) that usually also features an embedded access point used by phones, tablets or laptops to connect to the Internet. In order to monitor LAN traffic, the best solution is to replace the current switch …
nProbe

HowTo Monitor Customer Traffic in Managed Service Providers and ISPs

ISPs have provided Internet access to customers for years, and their only goal was to connect their users to the Internet. Managed Service Providers (MSP) and Managed Security Service Providers (MSSP) deliver network, services and infrastructure on customer premises and have become relatively popular in the past few years. Over time customers started to ask for new services, including traffic monitoring, security (this is where MSSPs come into the picture) and visibility. So if you are an MSP, MSSP or ISP and you are wondering how to monitor customer traffic using ntop tools, …
Announce

ntopng 5.0 Is Out: Modern Traffic Monitoring for AIOps and Cybersecurity

ntopng was initially designed as a tool for realtime network traffic monitoring. The idea was to create a DPI-based tool able to report traffic statistics. Over time we have added the ability to implement active monitoring checks, SNMP, and various other features. However, one fundamental point was still missing: going beyond traffic reporting, towards traffic analysis. The current Grafana-like trend of having several large screens full of dashboards is the opposite of what we believe we should do. This approach requires network and security administrators to be trained …
ntopng

Infrastructure Monitoring: Observing The Health and Status of Multiple ntopng Instances

Introduction. Quis custodiet ipsos custodes? (Juvenal). In other words: who will guard the guards themselves? If you use ntopng to monitor your network, you also need to make sure ntopng itself is monitored: in case of failure, ntopng will not report any alert, and the network administrator can interpret that silence as a sign of good health instead of as a lack of monitoring. Recent 4.3+ versions of ntopng have the capability to monitor other ntopng instances, whether they are on the same local LAN or physically/geographically distributed. This capability, also referred …
nProbe

Collecting Flows from Hundreds of Routers Using Observation Points

Collecting flows on large networks with hundreds of routers can be challenging. Besides the number of flows to be collected, another key point is being able to visualize the information in a simple yet effective way. ntopng allows you to create up to 32 virtual flow collection interfaces that can be used to avoid merging collected flows: unfortunately they are not enough when collecting flows from 100+ routers. In the latest ntopng and nProbe dev versions (soon to become stable), we have implemented the concept of observation point, that …
nProbe

NetFlow/IPFIX At Scale: Comparing nProbe/ClickHouse vs nProbe/ntopng

In our previous post we analysed the performance of the nProbe+ntopng pipeline for those who need to collect flows and analyse them, trigger alerts, create timeseries, provide a realtime monitoring console, dump them to nIndex and inform remote recipients in case a problem is detected. This is the main difference between the ntop solution and a NetFlow collector whose main goal is to dump flows to a database with little or no flow analysis. In essence, the current state of the art with 4 nProbe instances sending data …
nProbe

NetFlow Collection Performance Using ntopng and nProbe

Introduction. ntopng, in combination with nProbe, can be used to collect NetFlow. Their use for NetFlow collection is described in detail here. In this post we measure the performance of nProbe and ntopng when used together to collect, analyze, and dump NetFlow data. The idea is to provide performance figures useful for understanding the maximum rate at which NetFlow can be processed without loss of data. Before giving the actual figures, it is worth briefly discussing the most relevant unit of measure that will be used, i.e., the number of …
ntopng

Detecting and Analysing Qakbot Traffic Using ntopng

In this post Martin shows how he has used ntopng to detect the Qakbot trojan. Many thanks for this contribution. Introduction. I have been using ntopng for network monitoring for quite some time now and I was curious to see what ntopng would alert on when detecting malware. The website malware traffic analysis is a great source for malware captured in network traffic. I decided to take a Qakbot infection with spambot activity [1]. From the pcap file name we see what to expect: Qakbot, an active [2] banking trojan [3], Cobalt Strike, a commercial …
nProbe

Best Practices for High Speed Flow Collection

Most people use nProbe and ntopng to collect flows using an architecture similar to the one below, where nprobe and ntopng are started as follows: nprobe -3 <collector port> -i none -n none --zmq "tcp://*:1234" --zmq-encryption-key <pub key> ntopng -i tcp://nprobe_host:1234 --zmq-encryption-key <pub key> In this case ntopng communicates with nProbe over an encrypted channel and flows are sent in a compact binary format for maximum performance. If you do not need nProbe to cache and aggregate flows, you can also add --collector-passthrough on the nProbe side to further increase …
ntopng

What Is Score, and How It Can Drive You Towards Network Issues

Telemetry protocols such as sFlow/NetFlow, SNMP or packet-based traffic analysis are the source of data for network traffic monitoring. For a long time visibility was the main issue, and people were attracted by new tools such as Grafana that allowed them to put a lot of data on a screen. A big misconception in this area is that more data on screen means more understanding: in practice, the more data you see the less you understand, as networks are constantly growing in both size and complexity, and adding a second or a third screen to a PC isn't the perfect way …
nProbe

How To Monitor Traffic Behind a Firewall (During and Post Pandemic)

Due to the pandemic, many people are now working in a delocalised world: some work from home, others from the office. To make things even more complicated, in the past remote workers used to connect to the company network via a VPN. While this option is still possible, many resources are now available from the cloud, thus making VPNs obsolete in some environments, in particular for a mobile workforce that connects to the Internet by means of a cellular network. In the past months, some people have contacted us to ask how they …
Announce

Join FOSDEM 2021 ntop sessions, Sat-Sun Feb 6-7th (online)

We are proud to announce that a couple of talks have been accepted at FOSDEM 2021, one of the most important FOSS conferences in the world, which this year will take place online due to the pandemic. In the Network monitoring, discovery and inventory devroom we will give two presentations titled "Using nDPI for Monitoring and Security" and "ntopng network monitoring and discovery". In addition, ntop has been given a virtual stand to present its open-source-related activities. The ntop team will always be available in a chatroom and a series …