Professional Training

Mastering ntop tools


ntop tools are continuously extended to take new requirements into account. This means that every new release adds many new features that need to be mastered. In addition, new users ask for professional training so they can learn our tools quickly and become productive in limited time.

For this reason ntop offers professional training in addition to periodic webinars, video tutorials, and community support.

ntop training mainly focuses on ntopng, which leverages most ntop tools, ranging from DPI to packet capture and traffic analysis. Custom-tailored training content focusing on other ntop tools is offered as professional services.

 

Training Contents


The training course lasts 6 hours and is held in English. It is delivered through the Microsoft Teams platform and is divided into five parts broadcast across two weeks. Attendees should have basic networking knowledge in order to attend the training. The training package includes (free of charge) a full ntopng Pro license to be used during and after the training.

Part I (90 minutes) – Introduction

  • Introduction to ntopng: main features and problems that can be tackled with it
  • ntopng architecture: how it works, main components, interaction with external applications
  • Traffic Analysis
    • Packets and Deep Packet Inspection (mirror ports, SPAN, TAP)
      • [demo 💻] Configuring a mirror port of an HP switch
    • Flow collection (sFlow, NetFlow, IPFIX)
      • [demo 💻] Configuring sFlow and NetFlow on a Ubiquiti Edge Router
    • Packets vs flows: discussion, pros and cons
    • SNMP and active monitoring
      • [demo 💻] Configuring SNMP on a Cisco switch

Part II (90 minutes) – Installation and Licensing

  • Supported platforms and operating systems
  • ntopng installation
    • Linux ([hands on 👨‍💻] Ubuntu, CentOS)
    • Windows
    • FreeBSD/OPNsense/pfSense
  • Licenses
    • License model
    • Differences between versions (community vs Pro vs Enterprise M and L)
    • Maintenance
  • [hands on 👨‍💻] Generating Licenses
    • The system ID
    • Create and apply licenses
  • [hands on 👨‍💻] Starting ntopng as a Service
    • The configuration file
    • systemd
  • ntopng on Docker
    • Licenses and containers
  • Hardware sizing, tuning and installation best practices

Part III (90 minutes) – Network Intelligence

  • [hands on 👨‍💻] Ping google.com
    • What does ntopng see?
    • Active hosts and flows, their lifecycle
  • Alerts, anomalies, network and security issues
    • Checks and check configuration
    • Exclusion lists
  • [hands on 👨‍💻] Analyzing a pcap file with Tor traffic
    • Alerts and associated risks
  • The score indicator of compromise
  • Delivering alerts to external recipients (mail, Discord, Telegram, Slack, Elasticsearch)
    • Endpoints and Recipients
    • [hands on 👨‍💻] Delivering alerts to a Discord channel

Part IV (90 minutes) – Flow Collection

  • Flow collection vs packet collection: pros and cons, sFlow and NetFlow/IPFIX
  • How to collect sFlow and NetFlow/IPFIX flows. Integration of nProbe with ntopng
  • [hands on 👨‍💻] Collecting NetFlow from nProbe
    • Configure nProbe to export NetFlow
    • Configure nProbe to collect NetFlow
    • Connecting ntopng with nProbe
  • [hands on 👨‍💻] Flow collection behind NAT
    • Collector and probe mode
  • Performance and tuning
  • Collecting from large sets of devices: Observation Points

Part V (90 minutes) – Historical Data

  • Historical data
    • Timeseries
    • Flows
    • Alerts
  • [hands on 👨‍💻] Historical data configuration
    • Timeseries for interfaces and local hosts
  • Timeseries data stores (RRD, InfluxDB)
  • Flow data stores (ClickHouse, MySQL, Elasticsearch)
  • [hands on 👨‍💻] Looking at how data is stored on disk
    • The data directory
  • Accessing historical data
    • Timeseries and flow explorer
    • Packets and data drill down (n2disk)
  • Data retention
  • Sizing

A certificate of proficiency (not of attendance) can be requested; it is issued after an exam run by the ntop team that verifies that you qualify for it.

 

Training Schedule


Training is held periodically or on demand and needs to be arranged according to the time zone of the attendees. If you are interested in a custom training session, please contact us to arrange a date and, if needed, adapt the contents.

The next scheduled training session will take place on:

  • November 16th: part I – 15:00 – 16:30 CET (9:00 – 10:30 AM EST)
  • November 18th: part II – 15:00 – 16:30 CET (9:00 – 10:30 AM EST)
  • November 23rd: part III – 15:00 – 16:30 CET (9:00 – 10:30 AM EST)
  • November 25th: part IV – 15:00 – 16:30 CET (9:00 – 10:30 AM EST)
  • November 30th: part V – 15:00 – 16:30 CET (9:00 – 10:30 AM EST)

The above schedule is for general attendance. If you need personalised training or company training, please feel free to contact us.

Registration and Attendance


You can attend the training by registering at this URL. As you know, ntop offers all products and services free of charge to eligible people, hence registration is free of charge for everyone. Ahead of the training, attendees NOT belonging to not-for-profit organizations will be contacted to settle the training fee on the ntop shop. Discounts are available for 2 or more attendees belonging to the same organisation.

Should you have questions or need a personalised training content or schedule, please feel free to contact us.