Tag: ntopng

ntop

New, Fast, Scalable ClickHouse Integration for High-Volume Networks

When it comes to monitoring very large networks and the flows’ cardinality reaches into the billions, the performance of historical data storage and query systems becomes a critical bottleneck. Network operators, analysts, and engineers need to access flow records quickly and reliably, whether for traffic analysis, security investigations, or compliance reporting. When faced with massive datasets, even small inefficiencies in the data pipeline can result in slow queries, high CPU and disk usage, and poor responsiveness. At ntop, our mission is to help users gain visibility into their networks with …
Announce

Introducing ntopng Policy Menu

In the past months we have extended our behaviour analysis introducing new features such as the ACL or device policies. For this reason we have rearranged the menus and create a new Policy menu (you can read more here) that contains all the configurations used by ntopng to trigger alerts. Sue to this, some pages have been moved and changed location. Below you can find the list of the moved pages and how to access them now: Server Ports (Previously, Server Ports Analysis): Previously in the Host entry, moved to …
Announce

Using ClickHouse Cloud with ntopng

We are happy to announce that from the latest ntopng dev (6.1) version, ntopng supports exporting data (flows & alerts) to ClickHouse Cloud. Below you can find a step-by-step guide. Quick Start First of all let’s start by creating our account and service on the ClickHouse Cloud (you can find the official guide here); remember to save the ClickHouse username and password used for accessing your database. After that we have to jump to the ‘Connect’ section: Then, we have to select MySQL, turn on “Enable the MySQL protocol” and …
News

HowTo Monitor SNMP Interfaces Utilisation and Congestion Rate

Recently, we added the ability in ntopng to monitor link utilisation using NetFlow/IPFIX. In this post, we want to show you how we further improved those functionalities by leveraging SNMP to monitor the status of many devices (interfaces) simply. SNMP is a well-known protocol used for monitoring network devices, and ntopng uses it to poll and gather information from them. ntopng computes the interface usage by using a simple proportion between the traffic metered via SNMP and the interface speed. The interface speed is read by default from SNMP, but it can …
Features

How we Improved Alarm Delivery in ntopng

Sometimes, a critical issue shows up in your network and you’d like to be notified by ntopng on Telegram or by E-Mail. ntopng allows you to filter alerts for each recipient based on a few criteria including alert family, category, severity, or affected hosts. However in some case you want to be notified about a very specific alert, out of all alerts produced with the same family, category, severity. For example, it’s important to be notified when an Interface has no traffic, or when a new device (MAC) connects or …
Features

Using Traffic Rules To Supervise Network Traffic

The Problem Let’s assume that you have a Network where local hosts generate a constant amount of traffic. How do you find if they are misbehaving? It happens that some local host starts behaving strangely, by having an abnormal amount of traffic (sent or received) with respect to their recent past: how can you spot these situations and report them with an alert. This is why we have created the Local Traffic Rules page: users can now define custom Volume/Throughput threshold for some (or all) local hosts. You can also …
Cybersecurity

What’s New in ntopng: Network Assets

Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Asset Map. Have you ever asked yourself, what are the NTP servers in your network? Or, are all active DNS servers? Well, the Asset Map is useful  exactly in this case. The Asset Map is a map we designed to know what exactly is (are) the DNS, NTP,… server(s) active in a …
Cybersecurity

What’s New in ntopng: Periodic Activities (a.k.a beaconing) !

Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Periodicity Map. You are probably asking yourself what’s so bad about periodic activities, right? First of all, let’s take a look at the Periodicity Map and what are the contained information. What we can see here is: The last seen – last time ntopng has seen a periodic activity (flow) The quintuplet …
Announce

ntopng 5.0 Is Out: Modern Traffic Monitoring for AIOps and Cybersecurity

ntopng was initially designed as a tool for realtime network traffic monitoring. The idea was to create a DPI-based tool able to report traffic statistics. Overtime we have added the ability to implement active monitoring checks, SNMP, and various other features. However there was a fundamental point that was missing: go beyond traffic reporting, moving towards traffic analysis. The current Grafana-like trend of having several large screens full of dashboards is the opposite of what we believe we should do. This approach requires network and security administrators to be trained …
nProbe

NetFlow Collection Performance Using ntopng and nProbe

Introduction ntopng, in combination with nProbe, can be used to collect NetFlow. Their use for NetFlow collection is described in detail here. In this post we measure the performance of nProbe and ntopng when used together to collect, analyze, and dump NetFlow data. The idea is to provide performance figures useful to understand the maximum rate at which NetFlow can be processed without loss of data. Before giving the actual figures, it is worth discussing briefly the most relevant unit of measure that will be used, i.e., the number of …
ntop

ntopng 4.0: A Refreshed Look with Dark Themes!

The latest ntopng 4.0 has a renewed look. The main changes we have introduced are: An always-on-top status bar. Key information on the health and status of the network is essential for the analyst and it must be always visible and easily accessible. This is why we have introduced an always-on-top fixed status bar with key information such as network throughput, active hosts, flows, and ongoing alerts. This information was previously placed at the bottom of every page so it was difficult to access it and a lot of scrolling …
ntopng

Merging Infrastructure and Traffic Monitoring: Integrating ntopng with Icinga

Icinga2 is an open source monitoring system which checks the availability of hosts and services, notifies users of outages and generates performance data for reporting. Thanks to its scalability and extensibility, it has become very popular (as Nagios successor) and suitable to monitor complex environments, even across multiple locations. Although popular, it falls short when it comes to monitor how the network is being used by certain host. There are several plugins for network monitoring available both in the Icinga Template Library and in the Icinga Exchange, however, they only …