Thursday 2 October 2014

High-Speed Web-based Traffic Analysis and Flow Collection.

ntopng

ntopng users can use a web browser to navigate through the traffic information of ntopng (which acts as a web server) and get a dump of the network status.
In the latter case, ntopng can be seen as a simple RMON-like agent with an embedded web interface. Key design points are the use of:

1. a web interface.
2. limited configuration and administration via the web interface.
3. reduced CPU and memory usage (they vary according to network size and traffic).


What can ntopng do for me?

Sort network traffic according to many protocols
Show network traffic and IPv4/v6 active hosts
Store on disk persistent traffic statistics in RRD format
Geolocate hosts
Discover application protocols by leveraging nDPI, ntop's DPI framework.
Characterise HTTP traffic by leveraging the characterisation services provided by block.si. ntopng comes with a demo characterisation key, but if you need a permanent one, please mail info@block.si.
Show IP traffic distribution among the various protocols
Analyse IP traffic and sort it according to the source/destination
Display an IP traffic subnet matrix (who's talking to whom?)
Report IP protocol usage sorted by protocol type
Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks) when used together with nProbe.
Produce HTML5/AJAX network traffic statistics

Features

sFlow, NetFlow (including v5 and v9) and IPFIX support through nProbe
Network Flows
Local Traffic Analysis
Lua lightweight API for extending ntop via scripts
Support for both NetFlow and sFlow as a flow collector. ntopng can collect simultaneously from multiple probes.
Traffic statistics are saved into RRD databases for long-run traffic analysis.
Internet Domain, AS (Autonomous Systems), VLAN (Virtual LAN) Statistics.
Protocol decoders for all application protocols supported by nDPI.
Advanced HTTP password protection with encrypted passwords
RRD support for persistently storing per-host traffic information

Using ntopng as Flow Collector

In ntopng we have decided to collect flows through nProbe, which can act as a probe/proxy. This is because we wanted to keep the ntopng engine simple and free of flow-based application needs. The communication between nProbe and ntopng happens through ZeroMQ, which decouples ntopng from nProbe. You can collect flows as follows:

Start nProbe that will act as a probe for ntopng
nprobe --zmq "tcp://*:5556" -i .....
Start ntopng that will act as a collector (it listens on local port 5556)
ntopng -i "tcp://127.0.0.1:5556"

Flows exchanged between nProbe and ntopng are formatted in JSON, not in the standard sFlow/NetFlow format.
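As an added illustration of the nProbe to ntopng exchange described above (example code, not from the ntop project), here is a small Python stand-in for the collector side: it parses flow records in the JSON form just mentioned, builds the per-host and host-to-host byte tallies that ntopng presents, and drops malformed records rather than failing. The ZeroMQ subscriber in subscribe(), the JSON field names and the direction meaning of IN_BYTES/OUT_BYTES are assumptions, not taken from the page.

```python
import json
from collections import defaultdict
try:
    import zmq  # pyzmq, needed only by subscribe() below
except ImportError:  # parsing and aggregation still work offline
    zmq = None
# Constructed nProbe-style JSON flows: field names are assumed NetFlow
# element names (IPV4_SRC_ADDR, IN_BYTES, ...), not copied from the page.
SAMPLE_FLOWS = [
    '{"IPV4_SRC_ADDR":"192.168.1.10","IPV4_DST_ADDR":"93.184.216.34",'
    '"L4_DST_PORT":443,"PROTOCOL":6,"IN_BYTES":1200,"OUT_BYTES":15800}',
    '{"IPV4_SRC_ADDR":"192.168.1.11","IPV4_DST_ADDR":"93.184.216.34",'
    '"L4_DST_PORT":443,"PROTOCOL":6,"IN_BYTES":900,"OUT_BYTES":4100}',
    '{"IPV4_SRC_ADDR":"192.168.1.10","IPV4_DST_ADDR":"8.8.8.8",'
    '"L4_DST_PORT":53,"PROTOCOL":17,"IN_BYTES":70,"OUT_BYTES":130}',
]
NEEDED = ("IPV4_SRC_ADDR", "IPV4_DST_ADDR", "IN_BYTES", "OUT_BYTES")
def parse_flow(raw):
    """Decode one JSON flow record; None if it is malformed or incomplete."""
    try:
        flow = json.loads(raw)
    except ValueError:
        return None
    return flow if isinstance(flow, dict) and all(k in flow for k in NEEDED) else None

def aggregate(records):
    """Per-host byte counters and a src->dst byte matrix, the two views ntopng
    builds from flows. IN_BYTES is assumed src->dst, OUT_BYTES the reply."""
    hosts = defaultdict(lambda: {"sent": 0, "rcvd": 0})
    matrix = defaultdict(int)
    for raw in records:
        flow = parse_flow(raw)
        if flow is None:
            continue  # a bad record is dropped, not fatal to the collector
        src, dst = flow["IPV4_SRC_ADDR"], flow["IPV4_DST_ADDR"]
        fwd, rev = int(flow["IN_BYTES"]), int(flow["OUT_BYTES"])
        for host, sent, rcvd in ((src, fwd, rev), (dst, rev, fwd)):
            hosts[host]["sent"] += sent
            hosts[host]["rcvd"] += rcvd
        matrix[(src, dst)] += fwd + rev
    return dict(hosts), dict(matrix)

def subscribe(endpoint="tcp://127.0.0.1:5556", max_msgs=100):
    """Assumed live reader: a ZeroMQ SUB socket connected to the nProbe
    --zmq endpoint, yielding the last frame of each message as JSON text."""
    sock = zmq.Context().socket(zmq.SUB)
    sock.setsockopt_string(zmq.SUBSCRIBE, "")
    sock.connect(endpoint)
    for _ in range(max_msgs):
        yield sock.recv_multipart()[-1].decode("utf-8", "replace")
```

Feeding subscribe() into aggregate() gives the same tables for live flows as the constructed sample produces offline.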

Download:
http://www.ntop.org/get-started/download/

Video Tutorial:
https://www.youtube.com/channel/UCUYWuYlYKD5Yq5qBz0AIXJw
