Monitoring network traffic with ntopng

Eyes on the Network

Settings and Interfaces

The Interfaces menu lets you change the settings for a network interface. The interface page shows status information on the current traffic, and you can return to this view at any time by clicking the Home icon. To make sure that ntopng saves network traffic permanently, press the hard disk button (fifth from the right) and check the Continuous Traffic Recording box.

After recording starts successfully, a blue hard disk icon appears in the Status tab. You can specify here the maximum number of gigabytes of data you want ntopng to store. Directly below this field you will also find details of the volume of data ntopng has already collected or how much disk space has already been used. Ntopng relies on an independent module named n2disk, for which you need a separate license, to record the data traffic. For information on the license, look under Settings | Traffic Recording | License in the main menu. N2disk is only available for Linux installations.

Another important point in the network interface settings is the threshold values for generating alerts on the Alerts dashboard. In the interface settings, click on the icon with the warning label and set the desired thresholds for which ntopng should generate an alert. You can set your own thresholds for each time interval (every minute, every five minutes, hourly, daily). Don't forget to save the changes afterward by pressing the Save Configuration button.

Hosts and Host Pools

The Hosts menu lets you access a list of all devices that generate traffic on the network. The filter settings above the column headers of the table let you restrict the view to local hosts and IPv4 hosts to improve clarity. Clicking on the column headers sorts in ascending or descending order; clicking on a host's IP address calls up a detailed view of the system in question. As in the settings for an interface, the icon with the warning sign lets you define thresholds for generating alerts and, of course, retrieve information on network traffic and the protocols used.

One interesting option is the ability to group hosts in host pools. From the default Home view of the Host Details page, click the gear icon next to the Host Pool label and then click Edit Host Pools. After you have defined groups such as Servers and Clients, you can assign individual hosts to these groups. Under Hosts | Host Pools, you can then display the volume of network traffic a group has generated in total. By the way, the Autonomous Systems item in the Hosts menu lists remote hosts that ntopng has assigned to a specific network provider such as Google, Hetzner, and the like according to their IP addresses.

Flows

Flows – active connections between clients and servers – are displayed in a table, as in the Host view. As before, you can further hone the list of flows with the filters on the right to improve clarity. In addition to known filters such as local or remote Hosts and IP Version, the Flow view provides additional filters for the application protocols currently in use. Applications shows all the protocols currently being used in flows. The list becomes even clearer if you filter for network applications with Categories. Ntopng then shows the categories used by the devices, such as Cloud, Chat, and Web.
