Ntopng : Web-based Traffic & Security Network Traffic Monitoring

Ntopng is a web-based network traffic monitoring application released under GPLv3. It is the new incarnation of the original ntop written in 1998, and now revamped in terms of performance, usability, and features.

If instead of source code you prefer to use a pre-built package, please go to http://packages.ntop.org

We build binary packages for the following platforms:

  • Ubuntu Linux Server x64
  • CentOS/RedHat Linux x64
  • Windows x64
  • RaspberryPI/BeagleBoard ARM (based on Ubuntu Linux)
  • Ubiquity Networks EdgeRouter (MIPS)

Three versions of ntopng are available, namely Community, Professional and Enterprise. ntopng automatically switches to one of these three versions, depending on the presence of a license.

Also Read – Wordlistctl : Fetch, Install & Search Wordlist Archives From Websites & Torrent Peers

Features and comparisons of these three versions are available at https://www.ntop.org/products/traffic-analysis/ntop/.

The Community does not need any license. Professional and Enterprise versions require a license.

License is per-server and is released according to the EULA (End User License Agreement). Each license is perpetual (i.e. it does not expire) and it allows to install updates for one year since purchase/license issue.

This means that a license generated on 1/1/2018 will be able to activate new versions of the software until 1/1/2019.

If you want to install new versions of the software release after that date, you need to renew the maintenance or avoid further updating the software.

For source-based ntopng you can refer to the GPL-v3 License.

ntopng licenses are generated using the orderId and email you provided when the license has been purchased on https://shop.ntop.org/.

Main Features

  • Sort network traffic according to many criteria including IP address, port, L7 protocol, throughput, Autonomous Systems (ASs)
  • Show realtime network traffic and active hosts
  • Produce long-term reports for several network metrics including throughput and application protocols
  • Top talkers (senders/receivers), top ASs, top L7 applications
  • Monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out of order packets, packet lost), and bytes and packets transmitted
  • Store on disk persistent traffic statistics to allow future explorations and post-mortem analyses
  • Geolocate and overlay hosts in a geographical map
  • Discover application protocols (Facebook, YouTube, BitTorrent, etc) by leveraging on nDPI, ntop Deep Packet Inspection (DPI) technology
  • Characterise HTTP traffic by leveraging on characterisation services provided by Google and HTTP Blacklist.
  • Analyse IP traffic and sort it according to the source/destination.
  • Report IP protocol usage sorted by protocol type
  • Produce HTML5/AJAX network traffic statistics.
  • Full support for IPv4 and IPv6
  • Full Layer-2 support (including ARP statistics)
  • GTP/GRE detunnelling
  • Support for MySQL, ElasticSearch and LogStash export of monitored data
  • Interactive historical exploration of monitored data exported to MySQL
  • Alerts engine to capture anomalous and suspicious hosts
  • SNMP v1/v2c support and continuous monitoring of SNMP devices.