Ntopng: An excellent next generation network traffic monitor

«Ntopng» is an excellent next-generation network traffic monitor, i.e. the updated, next-generation version of the original program known as «Ntop», created by the English organization of the same name, an engineering company that specializes in developing high-quality network software, mostly open source, free and for non-profit and/or research purposes.

«Ntopng» is basically a network traffic probe that monitors network usage. Furthermore, «Ntopng» is based on «libpcap» (a library written as part of a larger program called tcpdump) and has been written in a very portable way that allows it to run on virtually every «Unix» platform, on «MacOSX», and also on «Windows».

What «Ntopng» actually provides is an intuitive, encrypted web user interface for exploring real-time and historical network traffic information. It is therefore considered a high-performance, low-resource version, the product of the natural evolution of the earlier «Ntop».

Ntopng: Introduction

Among the many benefits of «Ntop», apart from its pleasant and functional web interface, is its ability to inform the user about multiple network protocols, such as «ARP, ICMP, Decnet, DLC, IPX, Netbios, TCP, UDP» and many more.

ntopng

Features

Main

  • Show network traffic: Both real-time and active hosts.
  • Geolocate and Overlay Hosts: On a geographic map.
  • Alerts engine: To capture anomalous and suspicious hosts.
  • Continuous monitoring network devices: Via SNMP v1 / v2c.
  • Tunneling protocol de-tunneling: Including GTP / GRE.
  • Analyze IP traffic: Going even to classify it according to the source / destination.
  • Produce network traffic statistics: Using HTML5 / AJAX technology.
  • Give full support for current network protocols: Including IPv4 and IPv6.
  • Report on the use of the IP protocol: Even going so far as to classify it by type of protocol.
  • Full compatibility with Layer 2 protocols (Layer-2): Including ARP statistics.

Additional

  • Produce long-term reports on network metrics: Including performance and application protocols.
  • View list of main indicators: Top talkers (transmitters / receivers), Top ASs, Top L7 Applications.
  • Store persistent traffic statistics on disk: To allow future exploration and post-mortem analysis.
  • Characterize HTTP traffic: Taking advantage of the safe browsing services provided by Google and HTTP Blacklist.
  • Sort network traffic: By many criteria such as IP Address, Port, L7 Protocol, Performance, Autonomous Systems (AS).
  • Support for exporting monitored data: Using MySQL, ElasticSearch and LogStash. For MySQL, it adds interactive historical data exploration.
  • Application protocol discovery: Such as Facebook, YouTube, BitTorrent, among others, using nDPI (ntop Deep Packet Inspection) technology.
  • Monitor and report network parameters: Including live performance, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out-of-order packets, lost packets), and bytes and packets transmitted.

Versions

«Ntopng» is available in three versions:

  • Community: Free and open source version (Hosted on GitHub) licensed under the GNU GPLv3.
  • Professional
  • Enterprise

Note: The Professional and Enterprise versions offer some additional features that are particularly useful for SMEs or larger organizations. Their terms of ownership and use (conditions or limitations) are set out in their respective End-User License Agreement (EULA).

Installation

For Ubuntu

sudo apt install ntopng -y

sudo nano /etc/ntopng.conf

Default content of the ntopng.conf file

Modified content of the ntopng.conf file

Note: Only the required network interface(s) should be added (enabled).

sudo nano /etc/ntopng.start

Default content of the ntopng.start file

--local-networks "172.16.196.0/22"
--interface 1

Restart Ntopng service

systemctl restart ntopng

Open a web browser at the Ntopng start URL

http://your-server-ip:3000

Ntopng login screen

Note: The default username and password are «admin» - «admin»

Ntopng main screen

For DEBIAN

wget http://apt.ntop.org/buster/all/apt-ntop.deb
dpkg -i apt-ntop.deb

apt update
apt install pfring-dkms nprobe ntopng n2disk cento -y

systemctl start ntopng
systemctl enable ntopng

nano /etc/ntopng/ntopng.conf
-G=/var/run/ntopng.pid
# Network interface
-i=enp0s25
# Web access port
-w=3000

nano /etc/ntopng/ntopng.start
--local-networks "172.16.196.0/24"
--interface 1

systemctl restart ntopng

http://your-server-ip:3000
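
An added example, not part of the original post or of ntopng itself: a small Python check that parses the two option-file forms shown above and flags a missing capture interface, a web port that listens on all addresses over plain HTTP, and misaligned --local-networks entries. It assumes, from ntopng's own option help rather than from this page, that -w=0 disables HTTP and that a ':' in the -w value restricts the listening address; the function names and the sample are constructed.

```python
import ipaddress
import shlex

# Short option names mapped to long names, for the options this page sets.
ALIASES = {"-i": "--interface", "-w": "--http-port", "-m": "--local-networks"}

def parse_options(text):
    """Parse ntopng.conf / ntopng.start text into {option: [values]}."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if "=" in line.split()[0]:               # form: -i=enp0s25
            key, value = line.split("=", 1)
        else:                                    # form: --interface 1
            parts = shlex.split(line)
            key, value = parts[0], " ".join(parts[1:])
        options.setdefault(ALIASES.get(key, key), []).append(value.strip().strip('"'))
    return options

def review(options):
    """Return a list of findings for the settings edited on this page."""
    findings = []
    if not options.get("--interface"):
        findings.append("no capture interface set")
    for port in options.get("--http-port", ["3000"]):   # 3000 is the default
        # Assumption (ntopng option help): 0 disables HTTP, ':' limits the address.
        if port != "0" and ":" not in port:
            findings.append(f"web UI on port {port} listens on all addresses over plain HTTP")
    for entry in options.get("--local-networks", []):
        for cidr in entry.split(","):
            try:
                ipaddress.ip_network(cidr.strip(), strict=True)
            except ValueError as exc:
                findings.append(f"bad local network {cidr.strip()!r}: {exc}")
    return findings

# Constructed sample: the Debian settings from this page, concatenated.
SAMPLE = """# Network interface
-i=enp0s25
# Web access port
-w=3000
--local-networks "172.16.196.0/24"
--interface 1
"""

if __name__ == "__main__":
    print("\n".join(review(parse_options(SAMPLE))))
```
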

Ntopng: Conclusion

Conclusion

As we can see, «Ntopng» is a fabulous FOSS tool that offers excellent capabilities and benefits for monitoring the network traffic of our computers. For those who like to use applications a little more advanced than usual to scrutinize certain aspects of technology and operating systems in detail, «Ntopng» is an excellent option to try.

If you have ever used it, share your impressions and experience with us in the comments, so that together we enrich the knowledge of the entire Free Software and Open Source Community.

And for more information, do not hesitate to visit any online library such as OpenLibra and jedit to read books (PDFs) on this topic or other areas of knowledge. For now, if you liked this post, share it with others on your favorite websites, channels, groups, or social network communities, preferably free and open ones like Mastodon, or secure and private ones like Telegram.

Or simply visit our home page at DesdeLinux or join the official DesdeLinux Telegram channel to read and vote for this or other interesting posts on «Free Software», «Open Source», «GNU/Linux» and other topics related to «Computing and Informatics» and «Technology news».

