ntopng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and has been written in a portable way so that it runs on virtually every Unix platform, MacOSX and on Win32 as well.
ntopng users can use a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntopng can be seen as a simple RMON-like agent with an embedded web interface. The use of:
- a web interface.
- limited configuration and administration via the web interface.
- reduced CPU and memory usage (they vary according to network size and traffic).
- Sort network traffic according to many protocols
- Show network traffic and IPv4/v6 active hosts
- Store on disk persistent traffic statistics in RRD format
- Geolocate hosts
- Discover application protocols by leveraging on nDPI, ntop’s DPI framework.
- Characterise HTTP traffic by leveraging on characterisation services provided by block.si. ntopng comes with a demo characterisation key, but if you need a permanent one, please mail [email protected]
- Show IP traffic distribution among the various protocols
- Analyse IP traffic and sort it according to the source/destination
- Display IP Traffic Subnet matrix (who’s talking to who?)
- Report IP protocol usage sorted by protocol type
- Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks) when used together with nProbe.
- Produce HTML5/AJAX network traffic statistics
Installation (Ubuntu Server example):
At the time of writing ntopng does not appear in any of the repos, so you can either install it from source or use the binary packages that are available as nightly builds. However, there is a PPA for Ubuntu, which is what I’ve used here to keep things quick and easy to get a feel for the application. For binary downloads and source code see http://www.ntop.org/get-started/download/
PPA from https://launchpad.net/~cavedon/+archive/ntop
    sudo add-apt-repository ppa:cavedon/ntop
    sudo apt-get update
    sudo apt-get install ntopng
    sudo service ntopng start

ntopng should be running now. A quick check with netstat verifies this, as it runs on port 3000:

    sudo netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      857/sshd
    tcp        0      0 0.0.0.0:3000            0.0.0.0:*               LISTEN      2306/ntopng
    tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      2163/redis-server 1
    tcp6       0      0 :::22                   :::*                    LISTEN      857/sshd
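
The netstat output above shows the ntopng web interface bound to 0.0.0.0:3000 (every interface) while redis-server listens on 127.0.0.1 only. As an added example that is not part of the original post, the shell functions below classify each TCP listener by bind scope so that exposure is easy to review; the function names `classify_listeners` and `exposed_listeners` are hypothetical, and the sample input is the output shown above, re-spaced into columns.

```shell
#!/bin/sh
# Added example (not from the original post): classify TCP listeners
# reported by `netstat -lntp` by the scope of the address they bind to.
# Function names are hypothetical.

# Sample input: the netstat output from the post, re-spaced into columns.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN 857/sshd
tcp   0      0      0.0.0.0:3000    0.0.0.0:*       LISTEN 2306/ntopng
tcp   0      0      127.0.0.1:6379  0.0.0.0:*       LISTEN 2163/redis-server 1
tcp6  0      0      :::22           :::*            LISTEN 857/sshd'

# Reads netstat output on stdin; prints "scope port proto pid/program".
#   wildcard = bound to every interface (0.0.0.0 or ::)
#   loopback = reachable from the local host only
#   specific = bound to one particular interface address
classify_listeners() {
    awk '
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
        addr = $4; port = $4
        sub(/:[0-9]+$/, "", addr)   # drop the trailing ":port"
        sub(/^.*:/, "", port)       # keep what follows the last colon
        if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            scope = "wildcard"
        else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
            scope = "loopback"
        else
            scope = "specific"
        print scope, port, $1, $7
    }'
}

# Prints only the listeners reachable on every interface.
exposed_listeners() {
    classify_listeners | awk '$1 == "wildcard" { print $2, $3, $4 }'
}

printf '%s\n' "$SAMPLE" | classify_listeners
```

On a live host, run `sudo netstat -lntp | exposed_listeners` and compare the result with the ports you intend to be reachable from the network.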