Who really knows which protocols are in use on the local network? With NetFlow you can usually distinguish traffic by L4 port (80 = HTTP, 443 = HTTPS, ...), but this is no longer sufficient. Some applications use dynamic ports (see NFS, FTP, routed SAP, …), and several applications share the same ports. How can we distinguish them?
Applications grow and change really fast (like everything in the IT world), and it is not easy to keep your NetFlow analysis tool aligned with this evolution.
Ntopng is able to automatically detect the applications that are generating the traffic without having to define and use filters.
With ntopng you can have an overview of the application protocols out of the box: just two clicks and you have the top application protocols.
OK, but … who is eating the bandwidth? Easy: let ntopng show you the top downloaders and sort them by throughput:
You see, it is quite simple to discover unexpected talkers.
Ntopng provides you an overview of several statistics on Subnets, Autonomous Systems, Flows Matrix, Geolocalization and many others. If special plugins are enabled you see detailed information about protocols like SIP, RTP, HTTP, BGP, DHCP, DNS, IMAP, RADIUS.
Here is an example of an RTP flow for a voice communication. We have all the performance metrics at hand: jitter, lost packets, max interarrival time, MOS, R-Factor.
The solution does not only provide a pretty frontend for traffic statistics; it also offers an engine to keep your network constantly under control. Define alarms and get notifications through the NetEye integration.
There are standard thresholds that you can set directly from the GUI (for example, the byte throughput for each single host) to get the corresponding alarms in NetEye.
Define an ntopng host (example: ntopng-host) in NetEye and then a service with a passive check (example: NtopngAlert). In the ntopng alert preferences, enable and configure the Nagios integration (you may follow the steps described in this article).
Thanks to a Lua API you can define fully customized rules to generate additional alarms, which obviously can be managed and monitored with NetEye.
Let’s consider an example: you want to make sure that some specific applications, such as OneDrive, Dropbox or any others, do not eat too much internet bandwidth. In this case, it is enough to write a Lua callback that reads the statistics on the L7 traffic and generates an alert when bandwidth consumption exceeds the limit.
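The threshold logic of such a callback, as an added example in standalone Lua (not code from ntopng or from this article). The snapshot table layout, the limits and the function name `check_l7_bandwidth` are assumptions; reading the counters from ntopng and delivering the result to the NetEye passive check are not shown.

```lua
-- Added example: plain Lua, no ntopng API calls. The snapshot layout is an assumption.
-- Per-application limits in bits per second (constructed values).
local LIMITS_BPS = { OneDrive = 20e6, Dropbox = 10e6 }

-- Nagios plugin status codes, as consumed by a passive check.
local OK, CRITICAL, UNKNOWN = 0, 2, 3

-- prev/curr: { ts = <epoch seconds>, apps = { [name] = <cumulative bytes> } }
local function check_l7_bandwidth(prev, curr, limits)
  local dt = curr.ts - prev.ts
  if dt <= 0 then
    return UNKNOWN, "UNKNOWN - snapshots out of order or identical"
  end
  local over, names = {}, {}
  for name in pairs(limits) do names[#names + 1] = name end
  table.sort(names) -- deterministic order in the alert message
  for _, name in ipairs(names) do
    local before = prev.apps[name] or 0
    local after = curr.apps[name] or 0
    -- A counter that went backwards means a reset: count from zero.
    local delta = after >= before and (after - before) or after
    local bps = delta * 8 / dt
    if bps > limits[name] then
      over[#over + 1] = string.format("%s %.1f Mbit/s (limit %.1f)",
        name, bps / 1e6, limits[name] / 1e6)
    end
  end
  if #over > 0 then
    return CRITICAL, "CRITICAL - " .. table.concat(over, ", ")
  end
  return OK, "OK - all monitored applications within limits"
end

-- Constructed sample: two snapshots taken 60 seconds apart.
local prev = { ts = 1700000000, apps = { OneDrive = 1.0e9, Dropbox = 5.0e8 } }
local curr = { ts = 1700000060, apps = { OneDrive = 1.3e9, Dropbox = 5.3e8 } }
local status, msg = check_l7_bandwidth(prev, curr, LIMITS_BPS)
print(status, msg)
```

Working from the difference between two cumulative counters, rather than a single reading, is what turns byte totals into a throughput that can be compared against a limit.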
Our consultants can help you in defining / implementing such Lua rules.