ntopng

ntopng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Windows as well.

ntopng users can use a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntopng can be seen as a simple RMON-like agent with an embedded web interface. The use of:

• a web interface.
• limited configuration and administration via the web interface.
• reduced CPU and memory usage (they vary according to network size and traffic).

What ntopng can do for me?

• Sort network traffic according to many criteria including IP address, port, L7 protocol, throughput, AS.
• Show network traffic and IPv4/v6 active hosts.
• Produce long-term reports about various network metrics such as throughput, application protocols
• Top X talkers/listeners, top ASs, top L7 applications.
• For each communication flow report network/application latency/RTT, TCP stats (retransmissions, packets OOO, packet lost), bytes/packets
• Store on disk persistent traffic statistics in RRD format.
• Geolocate hosts and display reports according to host location.
• Discover application protocols by leveraging on nDPI, ntop’s DPI framework.
• Characterise HTTP traffic by leveraging on characterisation services provided by Google and HTTP Blacklist.
• Show IP traffic distribution among the various protocols.
• Analyse IP traffic and sort it according to the source/destination.
• Display IP Traffic Subnet matrix (who’s talking to who?)
• Report IP protocol usage sorted by protocol type.
• Produce HTML5/AJAX network traffic statistics.

ntopng v3.8 releases.

Changelog

New features

• Remote assistance to temporarily grant encrypted ntopng access to remote
  parties
  • Works with a transparent overlay-network spawned on-demand just
    for the time necessary for the assistance
  • Passes through firewalls and NATs
  • https://www.ntop.org/ntopng/use-remote-assistance-to-connect-to-ntopng-instances/
• Custom URLs and IP addresses mappings to traffic categories
  • Ability to associate websites (HTTP and HTTPS) to certain traffic
    categories using their names
  • Ability to use IP addresses (IPv4 and IPv6) to associate hosts to
    traffic categories
  • https://www.ntop.org/guides/ntopng/web_gui/categories.html?highlight=categories#custom-category-hosts
• Continuous traffic recording
  • Interfaces with n2disk for the recording and extraction of traffic
  • https://www.ntop.org/guides/ntopng/traffic_recording.html
• Download live pcap captures of monitored hosts and interfaces
  • Delivers packets in pcap format over the web
  • Works with single hosts, interfaces
  • Allows BPF filters
  • https://www.ntop.org/guides/ntopng/advanced_features/live_pcap_download.html?highlight=pcap#live-pcap-download
• User activities logging
  • Records an alerts ntopng web users activities, including changes
    in the configurations, deletion/addition of new users, login
    attempts, and password changes.
  • http://www.ntop.org/guides/ntopng/basic_concepts/alerts.html
• Extended chart metrics
  • Relative-Strength Index (RSI)
  • Moving and Exponentially-Moving Averages
  • https://www.ntop.org/guides/ntopng/web_gui/historical.html

More…

Download

Use Cases

Monitor a Physical Interface

A physical NIC card can be monitored simply by specifying its interface name as

./ntopng -i eth0

Flow Collection

Flow collection requires ntopng to be used in conjunction with nProbe which can act as probe/proxy. The communication between nProbe and ntopng takes place over ZeroMQ, a publish-subscribe protocol that allows ntopng to communicate with nProbe. An environment where a remote nProbe is physically monitoring from a NIC and sending monitored flows to ntopng can be deployed as

./nprobe -i eth1 –zmq tcp://192.168.1.1:5556

./ntopng -i tcp://192.168.1.1:5556

Copyright (C) 1998-2018 ntop 

Source: https://github.com/ntop/