High-Speed Web-based Traffic Analysis and Flow Collection
ntopng is the next generation version of the original ntop, a network traffic probe that monitors network usage. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Windows as well.
ntopng – yes, it’s all lowercase – provides a intuitive, encrypted web user interface for the exploration of realtime and historical traffic information.
- Sort network traffic according to many criteria including IP address, port, L7 protocol, throughput, Autonomous Systems (ASs)
- Show realtime network traffic and active hosts
- Produce long-term reports for several network metrics including throughput and application protocols
- Top talkers (senders/receivers), top ASs, top L7 applications
- Monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out of order packets, packet lost), and bytes and packets transmitted
- Store on disk persistent traffic statistics to allow future explorations and post-mortem analyses
- Geolocate and overlay hosts in a geographical map
- Discover application protocols (Facebook, YouTube, BitTorrent, etc) by leveraging on nDPI, ntop Deep Packet Inspection (DPI) technology
- Characterise HTTP traffic by leveraging on characterisation services provided by Google and HTTP Blacklist.
- Analyse IP traffic and sort it according to the source/destination.
- Report IP protocol usage sorted by protocol type
- Produce HTML5/AJAX network traffic statistics.
- Full support for IPv4 and IPv6
- Full Layer-2 support (including ARP statistics)
- GTP/GRE detunnelling
- Support for MySQL, ElasticSearch and LogStash export of monitored data
- Interactive historical exploration of monitored data exported to MySQL
- Alerts engine to capture anomalous and suspicious hosts
- SNMP v1/v2c support and continuous monitoring of SNMP devices
- Identity Management, including correlation of VPN users to traffic