Who really knows which protocols are in use on the local network? With NetFlow you can usually distinguish traffic by L4 port (80=HTTP, 443=HTTPS, ...), but this is no longer sufficient. Some applications use dynamic ports (NFS, FTP, routed SAP, ...) and several applications share the same ports: how can we tell them apart?
Applications grow and change really fast (like everything in the IT world) and it is not easy to keep your NetFlow analysis tool aligned with this evolution.
Ntopng is able to automatically detect the applications that are generating the traffic without having to define and use filters.
How to know if certain applications are eating all your bandwidth?
With ntopng you can have an overview of the application protocols out of the box: just two clicks and you have the top application protocols.
Ok, but ... who is eating the bandwidth? Easy: let ntopng show you the top downloaders and sort them by throughput:
You see, it is quite simple to discover unexpected talkers.
Ntopng provides you an overview of several statistics on Subnets, Autonomous Systems, Flows Matrix, Geolocalization and many others. If special plugins are enabled you see detailed information about protocols like SIP, RTP, HTTP, BGP, DHCP, DNS, IMAP, RADIUS.
Here is an example of an RTP flow for a voice call. All performance metrics are at hand: jitter, lost packets, max inter-arrival time, MOS, R-Factor.
How to keep them all under control?
The solution does not only provide a pretty frontend for traffic statistics, it also offers an engine that constantly keeps your network under control. Define alarms and get notifications through the NetEye integration.
There are standard thresholds that you can set directly from the GUI (for example the byte throughput of each single host) to raise the corresponding alarms in NetEye.
Define an ntopng host (example: ntopng-host) in NetEye and then a service with a passive check (example: NtopngAlert). Enable alerts in the ntopng preferences and configure the Nagios integration (you may follow the steps described in this article).
There are predefined alerts for well-known security issues such as SYN floods and connections with blacklisted hosts.
There are never enough default alerts…
Thanks to a Lua API you can define fully customized rules to generate additional alarms, which obviously can be managed and monitored with NetEye.
Let's consider an example: you want to make sure that some specific applications, say OneDrive, Dropbox or any others, do not eat too much Internet bandwidth. In this case it is enough to write a Lua callback that reads the L7 traffic statistics and generates an alert when bandwidth consumption exceeds a threshold.
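The check described above, as an added example that is not code from the original post or from ntopng: a stand-alone Lua routine that turns two samples of per-application byte counters into throughput, compares it with a per-application limit and formats the result as a Nagios passive check for the host/service names used above. The counter samples are constructed inline; in a real ntopng callback they would come from the interface statistics API, and the assumption is that NetEye consumes the standard Nagios external-command line shown.

```lua
-- Thresholds in bit/s for the applications we want to watch (assumed values)
local THRESHOLDS_BPS = {
  Dropbox  = 20 * 1000 * 1000,   -- 20 Mbit/s
  OneDrive = 20 * 1000 * 1000,
}

-- Per-application throughput (bit/s) between two cumulative byte samples.
-- prev/curr: tables app -> bytes; interval: seconds between the samples.
local function l7_throughput(prev, curr, interval)
  local rates = {}
  for app, bytes in pairs(curr) do
    local delta = bytes - (prev[app] or 0)
    if delta < 0 then delta = bytes end   -- counter reset: use current value
    rates[app] = (delta * 8) / interval
  end
  return rates
end

-- List of {app, bps, limit} entries whose rate exceeds the configured limit.
local function check_thresholds(rates, thresholds)
  local exceeded = {}
  for app, limit in pairs(thresholds) do
    local bps = rates[app] or 0
    if bps > limit then
      exceeded[#exceeded + 1] = { app = app, bps = bps, limit = limit }
    end
  end
  table.sort(exceeded, function(a, b) return a.app < b.app end)
  return exceeded
end

-- Nagios external command for a passive result:
-- [ts] PROCESS_SERVICE_CHECK_RESULT;host;service;return_code;plugin_output
local function passive_result(host, service, exceeded, ts)
  local code, output = 0, "OK - L7 bandwidth within limits"
  if #exceeded > 0 then
    local parts = {}
    for _, e in ipairs(exceeded) do
      parts[#parts + 1] = string.format("%s %.1f Mbit/s > %.0f Mbit/s",
        e.app, e.bps / 1e6, e.limit / 1e6)
    end
    code, output = 2, "CRITICAL - " .. table.concat(parts, ", ")
  end
  return string.format("[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s",
    ts, host, service, code, output)
end

-- Constructed sample: cumulative bytes per application sampled 60 s apart
local prev = { Dropbox = 1000000000, OneDrive = 500000000, HTTP = 300000000 }
local curr = { Dropbox = 1225000000, OneDrive = 560000000, HTTP = 400000000 }
local exceeded = check_thresholds(l7_throughput(prev, curr, 60), THRESHOLDS_BPS)
print(passive_result("ntopng-host", "NtopngAlert", exceeded, os.time()))
```

With the sample counters Dropbox moved 225 MB in 60 s (30 Mbit/s) and is reported CRITICAL, while OneDrive stays at 8 Mbit/s and HTTP is not watched at all.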
Our consultants can help you in defining / implementing such Lua rules.
Hi everyone, I'm Luca, a graduate in electrical engineering from the University of Bologna. I have been employed by Würth Phoenix since its foundation. I worked mainly as enterprise architect and quality assurance engineer. Previously I was involved in systems measurement and embedded systems programming. I have gained experience on Unix (Solaris, HP-UX), Windows, and C, C++, Java. I personally contribute to the Open Source community as beta tester and developer. In my spare time I love piloting airplanes and flying over the beautiful Alps. I practice many sports: tennis, broomball, skiing, alpine skiing, volleyball, soccer, mountain biking, middle distance, none have a sample but the competition excites me! I love hiking, tracking and traveling.
Author
Luca Di Stefano