27. 04. 2017 Luca Di Stefano Unified Monitoring

Find out who is eating your bandwidth with ntopng

Who is eating my bandwidth

Who really knows what are the protocols used in the local network? Usually with netflow you can distinguish traffic per l4 port (80=http,443=https,..) but this is no more sufficient. Some applications use dynamic ports (see nfs, ftp, routed sap, …), several applications use the same ports, how can we distinguish them?

Applications grow and change really fast (like all stuff in IT world) and it is not easy to keep your netflow analysis tool aligned with this evolution.

Ntopng is able to automatically detect the applications that are generating the traffic without having to define and use filters.

How to know if certain applications are eating all your bandwidth?

With ntopng you can have an overview of the application protocols out of the box: just two clicks and you have the top application protocols.

Selection_577

Ok but … who is eating the bandwidth? Easy: Let ntopng show you the top downloaders and sort them by throughput:

Selection_581

You see, it is quite simple to discover unexpected talkers.

Ntopng provides you an overview of several statistics on Subnets, Autonomous Systems, Flows Matrix, Geolocalization and many others. If special plugins are enabled you see detailed information about protocols like SIP, RTP, HTTP, BGP, DHCP, DNS, IMAP, RADIUS.

Here is the example of a flow of the RTP protocol for a voice communication. We have all performance metrics in touch: jitter, lost packets,max interarrival time, MOS, R-Factor.

Selection_583

How to keep them all under control?

The solution does not only provide a pretty frontend for traffic statistics, it is also offers an engine to constantly keeping your network under control. Define alarms and get notifications through the NetEye integration.

Selection_582

There are standard thresholds that you can set directly from the GUI (for example the bytes throughput for each single host) to get the relative alarms in NetEye.

Selection_579

Define a ntopng host (example: ntopng-host) in NetEye and then a service with a passive check (example: NtopngAlert). Enable in ntopng alert preferences and do the Nagios integration (you may follow the steps described in this article).

There are predefined alerts on well known security issues like syn floods, connections with blacklisted hosts.Selection_586

There are never enough default alerts…

Thanks to a Lua API you can define fully customized rules to generate additional alarms, which obviously can be managed and monitored with NetEye.

Let’s consider an example: you want to make sure that some specific applications, which may be OneDrive,Dropbox or any others, do not eat too much internet bandwidth. In this case, it is enough to write a Lua callback that reads the statistics on the l7 traffic and generates an alert in case of exceeded bandwidth consumption.

Our consultants can help you in defining / implementing such Lua rules.

Enjoy!

Luca Di Stefano

Luca Di Stefano

Solution Architect at Würth Phoenix
Hi everyone, I’m Luca, graduated in electrical engineering from the University of Bologna. I am employed by Würth Phoenix since its foundation. I worked mainly as enterprise architect and quality assurance engineer. Previously I was involved in systems measurement and embedded systems programming. I have gained experience on Unix (Solaris, HPUX), Windows, and C, C + +, Java. I personally contribute to the Open Source community as beta tester and developer. During my spare time I love piloting airplanes fly over the beautiful Alps. I practice many sports: tennis, broomball, skiing, alpine skiing, volleyball, soccer, mountain biking, middle distance, none have a sample but the competition excites me! I love hiking, tracking and traveling.

Author

Luca Di Stefano

Hi everyone, I’m Luca, graduated in electrical engineering from the University of Bologna. I am employed by Würth Phoenix since its foundation. I worked mainly as enterprise architect and quality assurance engineer. Previously I was involved in systems measurement and embedded systems programming. I have gained experience on Unix (Solaris, HPUX), Windows, and C, C + +, Java. I personally contribute to the Open Source community as beta tester and developer. During my spare time I love piloting airplanes fly over the beautiful Alps. I practice many sports: tennis, broomball, skiing, alpine skiing, volleyball, soccer, mountain biking, middle distance, none have a sample but the competition excites me! I love hiking, tracking and traveling.

Latest posts by Luca Di Stefano

27. 04. 2017 Uncategorized
Chi si sta mangiando la banda? Scoprilo con ntopng
27. 04. 2017 Uncategorized
Identifizieren Sie Bandbreitenfresser mit ntopng
22. 09. 2016 NetEye, Real User Experience Monitoring
Warum erhöht sich meine Netzwerk-Latenz an Arbeitstagen?
22. 09. 2016 NetEye, Predictive Analysis, Real User Experience, Unified Monitoring
Why does my local network latency increase during working hours?
22. 09. 2016 NetEye, Real User Experience Monitoring
Perchè aumenta la mia latenza di rete durante i giorni lavorativi?
See All

Related Content

Tags: , , ,

06. 05. 2024 Unified Monitoring

QUIC, What’s That?

As you may know, I do ntopng consulting, and support companies in their implementation of ntop solutions. For some time now, ntopng users have noticed a high amount of QUIC traffic in their respective networks. Most people don't really know Read More
05. 03. 2024 Unified Monitoring

nBox Mini

Every now and then I like to keep you up to date about news in the ntop environment. This time it's not news about analysis methods or software, but about a new hardware solution. If you're someone looking for a Read More
22. 12. 2023 Log-SIEM, NetEye, Unified Monitoring

SIEM: Monitor Hosts Sending Data to Elasticsearch

Do you have a SIEM installation based on Elasticsearch (like the NetEye 4 SIEM Module) and are you sending data to it from your hosts? Then you'll surely want to know whether your host is actually sending data, or if Read More
01. 10. 2023 Events, NetEye, SEC4U, Unified Monitoring

NETEYE USER GROUP 2023… #italianedition

The event of the year, the NetEye User Group, is back! The User group is not only a chance to inform our customers about new products and releases, but also an occasion to meet and exchange feedback and ideas. This Read More
01. 10. 2023 Events, NetEye, SEC4U, Unified Monitoring

NETEYE USERGROUP 2023… NUREMBERG EDITION!

...also this year, Würth Phoenix & Gravitate organized the annual Usergroup DACH 2023 in Nuremberg. The Usergroup is not only a chance to inform our customers about new products and releases, but also an occasion to meet and exchange feedback Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive