« Previous 1 2 3 4 5
Monitoring network traffic with ntopng
Eyes on the Network
Alerts
As mentioned earlier, ntopng can generate alerts for certain events and for cases when thresholds are exceeded or not reached. Although supported events (e.g., adding a new device or contacting a malware host) are hard-coded in the program, you can set threshold alerts individually.
All alerts are displayed on the Alerts dashboard (Figure 5), where they can be filtered by time period and whether local or remote for a better overview. A click on the respective host IP address takes you to detailed information on the respective alert. Ntopng can also display all alerts in tabular form with Detected Alerts .
Figure 5: Ntopng generates alerts according to events and threshold values. Flow Alerts Explorer helps you detect suspicious traffic from a malware or botnet server, for example.
Furthermore, ntopng can both display the alarms in the web interface and forward them to third-party applications. The currently supported crop of applications is email, Slack, Syslog, Nagios, and web hooks. The web hook option provides a universal HTTP interface for encoding alerts as JSON messages and passing them to an HTTP endpoint. Depending on certain alerts, the web hook can be used to control systems with a RESTful API (e.g., firewall or network management systems) and trigger certain responses.
Conclusions
Ntopng helps administrators monitor their networks and provides detailed information on bandwidth usage and the protocols and applications used, as well as deep insights into network traffic. The tool is indispensable for troubleshooting network problems.
The cost of Professional and Enterprise versions are very manageable, and both offer considerable advantages over the free Community edition. Unfortunately, the Windows version contains significantly fewer features than the Linux version.
Infos
- ntop: https://www.ntop.org
- ntopng Edge (nEdge): https://www.ntop.org/products/traffic-analysis/ntopng-edge/
- ntop for universities, nonprofit organizations, and research institutions: https://www.ntop.org/support/faq/do-you-charge-universities-no-profit-and-research/
- ntopng versions: https://www.ntop.org/products/traffic-analysis/ntop/
- Licenses for Professional and Enterprise editions: https://shop.ntop.org
- Download: https://packages.ntop.org
- Instructions for Let's Encrypt: https://www.ntop.org/ntopng/securing-ntopng-with-ssl-and-lets-encrypt/
« Previous 1 2 3 4 5
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
New versions of the Endian and Sophos UTM solutions
UTM systems combat all kinds of dangers under the policy of Unified Threat Management. The demands and expectations of customers fuel competition. Two of the most popular manufacturers – Endian and Sophos – have now released new versions of their solutions. -
Improved visibility on the network
OpenNMS collects and visualizes flows so you can discover which network devices communicate with each other and the volume of data transferred. -
Successful protocol analysis in modern network structures
Virtual networks and server structures require additional mechanisms to ensure visibility of data streams. We show how to monitor and analyze network functions, even when virtualization is involved. -
Open Source Security Information and Event Management system
Systems, network, and security professionals face a big problem managing disparate security data from a variety of sources. OSSIM gives IT security professionals the capacity to cut through the noise and gain wisdom and foresight in defending and managing their networks. -
Implementing custom security frameworks with Bro
The Bro security framework takes a new approach to security monitoring, with the emphasis on trends and long-term analysis.