At the end of June, Luca Deri gave a webinar presenting the new features of the next ntopng release. I’d like to take this opportunity now to present these innovations to all of you.
The main enhancements of the new release have been made in the following areas:
Extension of the ntopng functionalities for the monitoring of OT/Scada systems
Aggregated flows
Zoom and MS Teams monitoring
Inactive monitoring
New GUI: Tables and charts
Extension of the ntopng functionalities for the monitoring of OT/Scada systems
With the new release, ntopng is able to detect, report and alert on:
Unusual error messages
Unsupported function calls
Function calls that have not been used before
Unknown function codes
Abnormal protocol behavior
Unexpected state transitions
Values outside of defined ranges
Changes in frequency / periodicity
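As an illustration of how learning-based checks like those listed above can work, here is an added Python example; it is not ntopng's code. It learns which Modbus function codes a client/server pair uses and how often, then reports deviations. The class and function names, the learning window, the 50% tolerance and the 192.0.2.x sample traffic are all assumptions made for the example.

```python
import struct
from statistics import fmean
# Public function codes from the Modbus Application Protocol specification.
KNOWN_FC = {1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 15, 16, 17, 20, 21, 22, 23, 24, 43}

def build_adu(tid, unit, fc, data=b""):  # MBAP header + PDU, used for the samples
    return struct.pack(">HHHB", tid, 0, len(data) + 2, unit) + bytes([fc]) + data

def parse_fc(adu):
    """Return (function_code, is_exception), or None for an invalid MBAP header."""
    if len(adu) < 8 or struct.unpack(">HH", adu[2:6]) != (0, len(adu) - 6):
        return None
    return adu[7] & 0x7F, bool(adu[7] & 0x80)

class ModbusBaseline:
    def __init__(self, learn_until, tolerance=0.5):
        self.learn_until, self.tolerance = learn_until, tolerance
        # Both keyed by (client, server, fc): previous timestamp, learned poll gaps.
        self.last_seen, self.intervals = {}, {}

    def observe(self, ts, client, server, adu):
        parsed = parse_fc(adu)
        if parsed is None:
            return ["malformed Modbus/TCP frame"]
        fc, is_exception = parsed
        if is_exception:
            return [f"exception response for function {fc}"]
        alerts = [] if fc in KNOWN_FC else [f"unknown function code {fc}"]
        key = (client, server, fc)
        prev, self.last_seen[key] = self.last_seen.get(key), ts
        if ts <= self.learn_until:
            gaps = self.intervals.setdefault(key, [])   # marks the key as learned
            if prev is not None:
                gaps.append(ts - prev)
            return alerts
        gaps = self.intervals.get(key)
        if gaps is None:
            alerts.append(f"function {fc} not used before by {client} -> {server}")
        elif gaps and abs(ts - prev - fmean(gaps)) > self.tolerance * fmean(gaps):
            alerts.append(f"function {fc} periodicity changed, gap {ts - prev:.1f}s")
        return alerts

def run_sample():  # constructed traffic: 1 s polling while learning, then deviations
    hmi, plc, det = "192.0.2.5", "192.0.2.20", ModbusBaseline(learn_until=4.5)
    read = build_adu(1, 1, 3, b"\x00\x00\x00\x02")       # read holding registers
    frames = [(t, read) for t in (0, 1, 2, 3, 4, 5)] + [
        (5.1, build_adu(2, 1, 6, b"\x00\x01\x00\xff")),  # write, never seen while learning
        (5.2, build_adu(2, 1, 0x86, b"\x02")),           # exception response
        (9.0, read),                                     # poll gap of 4 s instead of 1 s
        (9.5, build_adu(3, 1, 90))]                      # code outside the public set
    return [(t, det.observe(t, hmi, plc, f)) for t, f in frames]
```

`run_sample()` returns one `(timestamp, alerts)` pair per frame; the six regular polls produce no alerts, and each of the four later frames produces at least one.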
Various Modbus alarms can be activated as behavioral checks:
To enable the detection of abnormal behavior, the following parameters must be configured in the settings in the Behavioural Learning area:
Aggregated flows
The historical flows are already stored in a ClickHouse database. Over time, this historical data can become very large. If you want to look at data older than a week, for example, you may no longer need such precise granularity.
ntopng therefore now lets you store flows aggregated according to criteria you can set yourself. This also depends on alerts.
Zoom and MS Teams monitoring
There are always difficulties in using MS Teams. Thus, a request was made to ntop to improve the monitoring of Zoom and MS Teams connections.
For this reason, nDPI and nProbe have been extended accordingly:
With these extensions, ntopng can now display the individual flows in more detail, as the following screenshot from the new release shows. Please note the info column, in which further personalization of the flows can be made.
Inactive monitoring
With the new release, ntopng shows for the first time hosts that are no longer active. In the standard host overview you will now see which hosts are currently active and which are no longer active.
New GUI: Tables and charts
The main implementation change here was the presentation of graphical charts. Since performance problems constantly arose when using the graphic charts, it became necessary to rely on a new technology. Therefore, new libraries for the graphic chart representations were implemented, resulting in significant performance improvements.
I started my professional career as a system administrator.
Over the years, my area of responsibility changed from administrative work to the architectural planning of systems.
During my activities at Würth Phoenix, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye.
In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.
Author
Tobias Goller