One of the great features of nfsen is the ability to specify filters for identifying specific traffic and thus aggregate and graph it. In ntopng we aggregate traffic per host and networks. However sometimes you want to aggregate using other criteria. Examples include:
- Traffic from host A to host B
- VPN traffic sent from host X to concentrator Y
- Facebook traffic sent from iPad 192.168.13.4
- ntopng web traffic
In order to implement these measurements, in ntopng we have introduced the concept of network profiles. Each profile is defined using the “Traffic Profiles” entry of the preferences menu of ntopng professional.
The preferences page contains a list of profiles defined with name and filter.
Contrary to nfsen that used its own syntax, here we decided to use BPF (used in tcpdump and wireshark) to define profiles. We have extended it so that you can include also the l7proto statement that is used to characterise nDPI protocols. Once you have saved the protocol you can see stats about it from the interface stats.
or from the flow page where flows are marked with the profile name.
Using this feature you can aggregate the traffic the way you want, as long as you can define the profile using a BPF filter, thing that is pretty likely to happen.
Enjoy!