ntopng has been designed not just for network administrators, but also for small companies and in particular for families. How often you have seen traffic on your network that you did not expect and you asked yourself what was that about. A good example is BitTorrent traffic that can be used for efficiently downloading files and not just for copyright-protected content (unfortunately this is how this protocol is usually perceived by the network community). If you are wondering what your colleagues/children are downloading using BitTorrent, now ntopng can help you.
In the latest development version, ntopng (thanks to nDPI) can now decode (and not just detect) BitTorrent traffic and extract the hashId of the files being searched/downloaded and tell you what is such file. Of course if you use -F this information is saved in MySQL so that you can run your queries on it.
In case you have BitTorrent traffic on your network you can check it from the interface stats
or looking at flows. As you can see in the info column you can see a hash
that is then displayed clicking on the Info blue button. In this case you will see the flow information and the BitTorrent becomes a clickable hyperlink,
If you are wondering how to map the hashId to a file name (so you can know what file has been downloaded), you can click on the hash hyperlink and google will tell you what is the file being downloaded.
Now you know how to monitoring your colleagues/children downloads and decide if they are appropriate or not.
Happy downloading!