This article covers how to install ntopng on Ubuntu and access its web interface. ntopng is an essential application for monitoring and troubleshooting network problems.
More about Ntopng
ntopng is a network traffic probe that monitors network usage. It is based on libpcap, a library written as part of a larger program called tcpdump. ntopng relies on a Redis key-value server rather than a traditional database, leverages nDPI for protocol discovery, supports host geolocation, and can display real-time flow analysis for connected hosts.
Main Features of Ntopng:
- Packet capture → Packet capture and transmission on commodity hardware with PF_RING. Zero-copy packet distribution across threads, applications, and virtual machines. Includes libpcap support for seamless integration with legacy applications.
- Traffic recording → Lossless network traffic recording at 10 Gbit and above with n2disk. Industry-standard PCAP file format. Packets can be retrieved quickly using BPF. Accurate traffic reproduction with disk2n.
- Network probe → nProbe: an extensible NetFlow v5/v9/IPFIX probe with plug-in support for L7 content inspection.
- IP protocol usage reporting → Usage is classified by protocol type.
- Traffic analysis → High-speed, web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis leveraging nDPI, an open source DPI framework. Traffic is also classified by source and destination.
- Host geolocation and overlay → Hosts are overlaid on a geographic map.
- Alert engine → Identifies anomalous and suspicious hosts.
- Network traffic statistics → Produced using HTML5/AJAX technology.
- Full support for current network protocols → Including IPv4 and IPv6.