ntopng

High-Speed Web-based Traffic Analysis and Flow Collection Tool

ntopng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Win32 as well. ntopng users can use a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of: * a web interface * limited configuration and administration via the web interface * reduced CPU and memory usage (they vary according to network size and traffic) What ntopng can do: * Sort network traffic according to many protocols * Show network traffic and IPv4/v6 active hosts * Store on disk persistent traffic statistics in RRD format * Geolocate hosts * Discover application protocols by leveraging on nDPI, ntop’s DPI framework * Characterise HTTP traffic by leveraging on characterisation services provided by block.si. ntopng comes with a demo characterisation key, but if you need a permanent one, please mail [email protected] * Show IP traffic distribution among the various protocols * Analyse IP traffic and sort it according to the source/destination * Display IP Traffic Subnet matrix (who’s talking to who?) * Report IP protocol usage sorted by protocol type * Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks) when used together with nProbe * Produce HTML5/AJAX network traffic statistics