Self-hosted home network traffic monitoring with ntopng and a Fritz!Box

Self-Hosting sysadmin docker security network

This post shows how I set up a home network traffic monitoring system in an unconventional way.

One day I decided that I wanted to monitor the traffic of my home network.

For the services I self-host in my home, I had recently upgraded from a Raspberry Pi 3B+ to a refurbished Dell WYSE 5070 thin client and I was looking for other things to self-host. Then I came across ntopng, which is an open-source network traffic monitoring and analysis tool, and I said to myself that I wanted it.

The ideal setup would be installing it on a dedicated machine to use as router, but I wasn’t planning on that. The less ideal but still cool setup would be using a mirrored port on a switch, to forward all the traffic to the monitoring machine. The problem was that neither my main ISP-provided router nor my Fritz!Box router (that I’m currently using just as a switch) had the possibility to set one port as mirrored.

So how could I monitor my homenet’s traffic without even having the physical prerequisites to do it?

The hidden beauties of Fritz!Boxes

Actually I could, because after some quick searches I discovered that every Fritz!Box router has some obscure undocumented pages, including which allows to freely capture the traffic of all the available network interfaces. When you start capturing, the stream of packets in the Libpcap format starts downloading, and you can read it with Wireshark or tshark.

Now back to ntopng: can it read pcap files? The answer is yes! Quoting the docs:

```yaml
version: '3'
services:
  app:
    container_name: ntopng
    image: ntop/ntopng
    volumes:
      - data:/var/lib/ntopng
      - nf:/nf:ro
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - TZ=Europe/Rome
    command:
      - "/nf"
    ports:
      - 3000
    networks:
      - proxy
    restart: unless-stopped
  fritzpcap:
    build: ./fritzpcap
    environment:
      - FRITZIP=
      - FRITZUSER="
```

```yaml
    mode: preserve
- name: up
  _compose:
    project_src: ~/ntopng
    build: true
    recreate: always
```

Conclusion

After these steps, my homenet’s network monitor system was up and running. It allowed me to discover interesting behaviors and patterns that I could have never discovered otherwise.

- Sort network traffic according to many criteria including IP address, port, Layer-7 (L7) application protocols, throughput, Autonomous Systems (ASs).
- Show realtime network traffic and active hosts.
- Produce long-term reports for several network metrics including throughput and L7 application protocols.
- Top talkers (senders/receivers), top ASs, top L7 application protocols.
- Monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out of order packets, packets lost), and bytes and packets transmitted.
- Store on disk persistent traffic statistics to allow future explorations and post-mortem analyses.
- Geolocate and overlay hosts in a geographical map.
- Discover Layer-7 application protocols (Facebook, YouTube, BitTorrent, etc) by leveraging nDPI, ntop Deep Packet Inspection (DPI) technology.
- Analyze IP traffic and sort it according to the source/destination.
- Report IP protocol usage sorted by protocol type.
- Produce HTML5/AJAX network traffic statistics.
- Full Layer-2 support (including ARP statistics).
- Support for ClickHouse, MySQL, ElasticSearch export of monitored data.
- Interactive historical exploration of monitored data exported to ClickHouse (no MySQL or ElasticSearch support).
- SNMP v1/v2c/v3 support and continuous monitoring of SNMP devices.
- Identity Management, including correlation of VPN users to traffic.
- Focused on traffic visibility and cybersecurity.
- Behavioral traffic analyses such as lateral movements and periodic traffic detection.
- REST API to ease integrations with third-parties.
- Native nTap support for collecting traffic from cloud, VMs, containers and physical hosts.
- Windows x64 (including the latest Windows 10).
- Available through any HTML5-ready web browser.
- 250+ Layer-7 application protocols supported by nDPI.
- Web interface extensions without having to change the ntopng C++ engine.
- sFlow, NetFlow (including v5 and v9) and IPFIX support through nProbe (collection from multiple nProbes is supported).
- Internet Domain, AS, VLAN (Virtual LAN) Statistics.
- Protocol decoders for all application protocols supported by nDPI.

Ntopng comes in three versions: Community, Professional, and Enterprise M/L/XL. The Community version is free to use and open source (code can be found on GitHub). The Professional and Enterprise offer some extra features that are particularly useful for SMEs or larger organizations. Features are highlighted in the following table.

- Monitor the active flows and hosts of your network (number of interfaces) †
- Monitor Remote Hosts using active monitoring (ICMP, Continuous ICMP, HTTP/S, Throughput, SpeedTest)
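The Fritz!Box capture described in the post arrives as a libpcap stream, so a short reader can confirm that what was downloaded really is a capture, and whether it was cut off mid-record, before it is handed to ntopng. This is an added example, not code from the original post; the function names are hypothetical and the sample bytes are constructed.

```python
import io
import struct

# First four bytes of a classic libpcap file -> (struct byte order, timestamp unit)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", "us"), b"\xa1\xb2\xc3\xd4": (">", "us"),
          b"\x4d\x3c\xb2\xa1": ("<", "ns"), b"\xa1\xb2\x3c\x4d": (">", "ns")}
MAX_RECORD = 262144  # libpcap's MAXIMUM_SNAPLEN; larger lengths mean corruption

def read_exact(stream, n):  # loops over short reads; returns less only at end of stream
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def summarize_pcap(stream):
    """Validate the 24-byte global header, then count records until the stream ends."""
    head = read_exact(stream, 24)
    if len(head) < 24 or head[:4] not in MAGICS:
        raise ValueError("not a libpcap stream")  # e.g. an HTML page was saved instead
    order, unit = MAGICS[head[:4]]
    major, minor, _, _, snaplen, linktype = struct.unpack(order + "HHiIII", head[4:])
    out = {"version": (major, minor), "unit": unit, "snaplen": snaplen,
           "linktype": linktype, "packets": 0, "bytes": 0, "truncated": False}
    while True:
        rec = read_exact(stream, 16)
        if len(rec) < 16:
            out["truncated"] = bool(rec)  # partial record header: download stopped early
            return out
        incl_len = struct.unpack(order + "IIII", rec)[2]
        if incl_len > MAX_RECORD:
            raise ValueError("implausible record length %d" % incl_len)
        if len(read_exact(stream, incl_len)) < incl_len:
            out["truncated"] = True  # payload shorter than its header announced
            return out
        out["packets"] += 1
        out["bytes"] += incl_len

def sample_capture():
    """Constructed sample: two full records, then one cut off mid-payload."""
    rec = lambda p: struct.pack("<IIII", 1700000000, 0, len(p), len(p)) + p
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + rec(b"\x00" * 60) + rec(b"\x01" * 42) + rec(b"\x02" * 64)[:-10]

if __name__ == "__main__":
    print(summarize_pcap(io.BytesIO(sample_capture())))
```

The same function accepts any binary file object, so it can be pointed at a saved capture opened with `open(path, "rb")`.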