«Ntopng» is an excellent new-generation network traffic monitor, i.e. it is the updated, next-generation version of the original program known as «Ntop», created by the English organization of the same name, an engineering company that specializes in developing high-quality network software, mostly open source, free, and for non-profit and/or research purposes.
«Ntopng» is basically a network traffic probe that monitors network usage. Furthermore, «Ntopng» is based on «libpcap» (a library written as part of a larger program called tcpdump) and has been written in a very portable way that allows it to run on virtually all «Unix» platforms, «MacOSX», and also on «Windows».
What «Ntopng» actually provides is an intuitive and encrypted web user interface for exploring real-time and historical network traffic information. It is therefore considered a high-performance, low-resource-consumption version, the product of the natural evolution of the previous «Ntop».
Among the many benefits of «Ntop», apart from its pleasant and functional web interface, is its ability to inform the user about multiple network protocols, such as «ARP, ICMP, Decnet, DLC, IPX, Netbios, TCP, UDP» and many more.
ntopng
Features
Main
- Show network traffic: Both real-time and active hosts.
- Geolocate and Overlay Hosts: On a geographic map.
- Alerts engine: To capture anomalous and suspicious hosts.
- Continuous monitoring network devices: Via SNMP v1 / v2c.
- De-tunnel tunneling protocols: Including GTP / GRE.
- Analyze IP traffic: Even classifying it according to source / destination.
- Produce network traffic statistics: Using HTML5 / AJAX technology.
- Give full support for current network protocols: Including IPv4 and IPv6.
- Report on the use of the IP protocol: Even classifying it by protocol type.
- Full compatibility with Layer 2 protocols (Layer-2): Including ARP statistics.
Additional
- Produce long-term reports on network metrics: Including performance and application protocols.
- View list of main indicators: Top talkers (transmitters / receivers), Top ASs, Top L7 Applications.
- Store persistent traffic statistics on disk: To allow future exploration and post-mortem analysis.
- Characterize HTTP traffic: Taking advantage of the safe browsing services provided by Google and HTTP Blacklist.
- Sort network traffic: Among many criteria such as IP Address, Port, L7 Protocol, Performance, Autonomous Systems (AS).
- Support for exporting monitored data: Using MySQL, ElasticSearch and LogStash. For MySQL, it adds interactive historical data exploration.
- Application protocol discovery: Such as Facebook, YouTube, BitTorrent, among others, using nDPI (ntop Deep Packet Inspection) technology.
- Monitor and report network parameters: Including live performance, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out-of-order packets, packets lost), and bytes and packets transmitted.
Versions
«Ntopng» is available in three versions:
- Community: Free and open source version (Hosted on GitHub) licensed under the GNU GPLv3.
- Professional
- Enterprise
Note: The Professional and Enterprise versions offer some additional features that are particularly useful for SMEs or larger organizations. Their terms of ownership and use (conditions or limitations) are set out in their respective End-User License Agreement (EULA).
Installation
For Ubuntu
sudo apt install ntopng -y
sudo nano /etc/ntopng.conf
Default content of the ntopng.conf file
Modified content of the ntopng.conf file
Note: Only the required network interface (s) should be added (enabled).
sudo nano /etc/ntopng.start
Default content of the ntopng.start file
--local-networks "172.16.196.0/22"
--interface 1
Restart Ntopng service
systemctl restart ntopng
Open a web browser at the Ntopng start URL
http://your-server-ip:3000
Ntopng login screen
Note: The default username and password are «admin» / «admin».
Ntopng main screen
For DEBIAN
wget http://apt.ntop.org/buster/all/apt-ntop.deb
dpkg -i apt-ntop.deb
apt update
apt install pfring-dkms nprobe ntopng n2disk cento -y
systemctl start ntopng
systemctl enable ntopng
nano /etc/ntopng/ntopng.conf
-G=/var/run/ntopng.pid
# Network interface
-i=enp0s25
# Web access port
-w=3000
nano /etc/ntopng/ntopng.start
--local-networks "172.16.196.0/24"
--interface 1
systemctl restart ntopng
http://your-server-ip:3000
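The Debian configuration above serves the web UI with `-w=3000`, which is plain HTTP on every address, and the login starts out as «admin» / «admin». As an added example (not part of the original article or of the ntop project), this shell function audits an ntopng.conf for that exposure. The `[addr:]port` form of `-w`, `-W`/`--https-port` and `-l`/`--disable-login` are ntopng options taken from its command-line help rather than from this page, and the sample file is constructed from the config shown above.

```shell
#!/bin/sh
# Added example: audit an ntopng.conf for web-UI exposure.
# Assumed ntopng options (from its command-line help, not from this page):
#   -w/--http-port [addr:]port, -W/--https-port, -l/--disable-login

audit_ntopng_conf() {
    http=3000 https="" nologin=""     # ntopng's HTTP port defaults to 3000
    # Accept both "key=value" and "key value" lines; drop comments.
    while read -r key val; do
        case "$key" in
            -w|--http-port)     http=$val ;;
            -W|--https-port)    https=$val ;;
            -l|--disable-login) nologin=${val:-set} ;;
        esac
    done <<EOF
$(sed -e 's/#.*//' -e 's/=/ /' "$1")
EOF
    case "$http" in
        0) ;;                         # HTTP listener switched off
        :*|127.0.0.1:*) echo "OK   HTTP limited to loopback ($http)" ;;
        *:*) echo "INFO HTTP bound to one address ($http), still unencrypted" ;;
        *)   echo "WARN plaintext HTTP on every address, port $http" ;;
    esac
    if [ -z "$https" ]; then echo "WARN no -W/--https-port line in this file"; fi
    if [ -n "$nologin" ]; then echo "CRIT web login disabled (-l $nologin)"; fi
    return 0
}

# Constructed sample: the Debian ntopng.conf from the section above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-G=/var/run/ntopng.pid
# Network interface
-i=enp0s25
# Web access port
-w=3000
EOF
audit_ntopng_conf "$sample"
rm -f "$sample"
```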
Conclusion
As we can see, «Ntopng» is a fabulous FOSS tool that offers us excellent capabilities and benefits for monitoring the network traffic of our computers. For those who like to use applications a little more advanced than usual to scrutinize certain aspects of technology and operating systems in detail, «Ntopng» is an excellent option to try.
If you have ever used it, share your impressions and experience with us in the comments, so that together we enrich the knowledge of the entire Free Software and Open Source community.