Traffic Analysis & Enforcement

nTopNG

High-Speed Web-based Traffic Analysis and Flow Collection

nTopNG is a network traffic probe that provides 360° network visibility by gathering traffic information from traffic mirrors, NetFlow exporters, SNMP devices, firewall logs, and intrusion detection systems.

360° Network Visibility

  • Comprehensive Traffic Monitoring & Analysis

    Sorts network traffic by IP address, port, Layer-7 (L7) application protocols, throughput, and Autonomous Systems (ASs), providing real-time visibility into network activity and active hosts.

  • Advanced Reporting & Historical Insights

    Generates long-term reports on key network metrics, including throughput, L7 protocols, and top talkers (senders/receivers), with persistent traffic storage for post-mortem analysis.

  • Deep Packet Inspection & Behavioral Analysis

    Leverages nDPI technology to detect L7 application protocols (e.g., Facebook, YouTube, BitTorrent) and perform behavioral traffic analysis, including lateral movement and periodic traffic detection.

  • Performance & Security Monitoring

    Tracks live throughput, application latencies, Round Trip Time (RTT), TCP statistics (e.g., retransmissions, out-of-order packets, packet loss), and offers identity management to correlate VPN users with traffic.

  • Flexible Data Export & Integration

    Supports exporting monitored data to ClickHouse, MySQL, and ElasticSearch, with interactive historical data exploration for ClickHouse. Includes a REST API for seamless third-party integrations.

  • Cloud & Network-Wide Visibility

    Provides full IPv4/IPv6 and Layer-2 support, GTP/GRE detunneling, SNMP monitoring, geolocation mapping, and native nTap support for capturing traffic from cloud, VMs, containers, and physical hosts.


Use Cases

Monitor a Physical Interface

A physical NIC can be monitored simply by specifying its interface name:

ntopng -i eth0

Flow Collection

Flow collection requires ntopng to be used in conjunction with nProbe, which can act as a probe or proxy. nProbe and ntopng communicate over ZeroMQ, a publish-subscribe protocol. An environment where a remote nProbe monitors a physical NIC and sends the monitored flows to ntopng can be deployed as follows:

nprobe -i eth1 --zmq tcp://192.168.1.1:5556 -T @NTOPNG@
ntopng -i tcp://192.168.1.1:5556

License

Licensee’s use of this software is conditioned upon acceptance of the terms specified by ntop.

Operating Systems

Linux, Windows, Mac OS