Monitoring network traffic with ntopng
The open source ntopng tool provides deep insights into network traffic and supports troubleshooting when network problems occur.
Administrators are well advised to monitor the availability and quality of their networks continuously. The open source ntopng tool has been tried and tested for years. In this article, I investigate how to commission the latest Enterprise version and explore its feature set.
Ntopng was originally developed by Luca Deri, a scientist at the University of Pisa, under the name ntop [1], which explains why the business still operates under the name "ntop di Deri Luca." The name ntop is derived from the Unix top program, which lets network administrators view system information related to CPU and memory usage and the currently running processes of a Unix system.
In this vein, ntopng is a network top program that lets admins display all the relevant parameters for the connected networks. Ntopng is a passive network monitoring tool that supports statistical evaluation of traffic data on the connected networks; it does not actively intervene in the network traffic (but see the "Layer 7 Manipulation" box). Ntopng is therefore ideally suited as a tool for administrators wanting to answer, among others, the following questions:
- What devices are currently on the network?
- How much traffic do the various devices cause on the network?
- Which devices are communicating or exchanging data with others (internally and externally)?
- What kind of bandwidth is used by each device, or which device is currently hogging the Internet connection?
- What protocols exist on the network, and how is network traffic distributed among them?
- Is any suspicious data traffic on the network caused by, for example, viruses or Trojans?
Ntopng is ideally suited for monitoring small and medium-sized Class C networks at gigabit speeds but can also be used for monitoring larger networks, given appropriate hardware….