Professional Training

Mastering ntop tools


ntop tools are continuously extended to take new requirements into account. This means that every new release adds many new features that need to be mastered. In addition, new users demand professional training to quickly learn our tools and become productive in limited time.

For this reason ntop offers professional training in addition to periodic webinars, video tutorials, and community support.

ntop training mainly focuses on ntopng, which leverages most ntop tools, ranging from DPI to packet capture and traffic analysis. Custom-tailored training content focusing on other ntop tools is offered as professional services.

 

Training Contents


The training course lasts 6 hours and is held in English. It is provided through the Microsoft Teams platform and is divided into five parts broadcast across two weeks. Attendees should have basic networking knowledge in order to attend the training. The training package includes (free of charge) a full ntopng Pro license to be used during and after the training.

Part I (90 minutes) – Introduction

  • Introduction to ntopng: main features and problems that can be tackled with it
  • ntopng architecture: how it works, main components, interaction with external applications
  • Traffic Analysis
    • Packets and Deep Packet Inspection (mirror ports, SPAN, TAP, nTAP)
      • [demo 💻] Configuring a mirror port of an HP switch
    • Flow collection (sFlow, NetFlow, IPFIX)
      • [demo 💻] Configuring sFlow and NetFlow on a Ubiquiti Edge Router
    • Packets vs flows: discussion, pros and cons
    • SNMP and active monitoring
      • [demo 💻] Configuring SNMP on a Cisco switch

Part II (90 minutes) – Installation and Licensing

  • Supported platforms and operating systems
  • ntopng installation
    • Linux ([hands on 👨‍💻] Ubuntu, CentOS)
    • Windows
    • FreeBSD/OPNsense/pfSense
  • Licenses
    • License model
    • Differences between versions (community vs Pro vs Enterprise M and L)
    • Maintenance
  • [hands on 👨‍💻] Generating Licenses
    • The system ID
    • Create and apply licenses
  • [hands on 👨‍💻] Starting ntopng as a Service
    • The configuration file
    • Systemd
  • ntopng on Docker
    • Licenses and containers
  • The new nBox UI
    • Configure and run ntop applications using the web GUI
  • Hardware sizing, tuning and installation best practices

Part III (90 minutes) – Network Intelligence

  • [hands on 👨‍💻] Ping google.com
    • What does ntopng see?
    • Active hosts and flows, their lifecycle
  • Alerts, anomalies, network and security issues
    • Checks and check configuration
    • Exclusion lists
  • [hands on 👨‍💻] Analyzing a pcap file with bad DNS traffic
    • Alerts and associated risks
  • The score indicator of compromise
  • Delivering alerts to external recipients (mail, Discord, Telegram, Slack, ElasticSearch)
    • Endpoint and Recipients
    • [hands on 👨‍💻] Delivering alerts to a Discord channel

Part IV (90 minutes) – Flow Collection

  • Flow collection vs packet collection: pros and cons, sFlow and NetFlow/IPFIX
  • How to collect flows (sFlow and NetFlow/IPFIX). Integration of nProbe with ntopng
  • [hands on 👨‍💻] Collecting NetFlow from nProbe
    • Configure nProbe to export NetFlow
    • Configure nProbe to collect NetFlow
    • Connecting ntopng with nProbe
  • [hands on 👨‍💻] Flow collection behind NAT
    • Collector and probe mode
  • Collecting from large sets of devices: Observation Points
  • Continuous PCAP Recording
    • Drill down from charts and alerts to raw packets
  • Performance and tuning

Part V (90 minutes) – Historical Data

  • Historical data
    • Timeseries
    • Flows
    • Alerts
  • [hands on 👨‍💻] Historical data configuration
    • Timeseries for interfaces and local hosts
  • Timeseries data stores (RRD, InfluxDB)
  • Flow data stores (ClickHouse, MySQL, ElasticSearch)
  • [hands on 👨‍💻] Looking at how data is stored on disk
    • The data directory
  • Accessing historical data
    • Timeseries and flow explorer
    • Packets and data drill down (n2disk)
  • Data retention
  • Sizing

Part VI (90 minutes) – Active Monitoring and SNMP

  • Network monitoring polling SNMP devices (switches and routers)
  • LLDP and network topology
  • Active monitoring (ICMP, Continuous ICMP, Speedtest, HTTP, throughput)
    • Monitor the infrastructure health 
    • Get notified about the status of services
    • React: running custom actions
  • Vulnerability Scan
  • Open discussion: Q&A

A certificate of proficiency (not attendance) can be requested. It is provided after an exam run by the ntop team that verifies that you qualify for it.

 

Training Schedule


Training is performed periodically or on demand, and it needs to be arranged according to the time zone of the attendees. If you are interested in a custom training session, please contact us to arrange a date and, if needed, adapt the contents.

The next training session will take place in November:

  • November 7th, 2023 3pm CET – Part I
  • November 9th, 2023 3pm CET – Part II
  • November 14th, 2023 3pm CET – Part III
  • November 16th, 2023 3pm CET – Part IV
  • November 21st, 2023 3pm CET – Part V
  • November 23rd, 2023 3pm CET – Part VI

Training will be held online in English.

All registered attendees will receive, as part of the training, a license of ntopng Pro.

Registration and Attendance


You can register by filling out this form, where you need to specify the name(s) of the attendee(s). Ahead of the training, you need to settle the payment by purchasing the ticket (one per attendee) at the ntop shop.

As you know, ntop offers all products and services free of charge to eligible people, hence the registration is free of charge for everyone. Ahead of the training, attendees NOT belonging to not-for-profit organizations will be contacted to settle the training fee on the ntop shop. Discounts are available for 2 or more attendees belonging to the same organisation.

Should you have questions or need personalised training content or a personalised schedule, please feel free to contact us.