03. 06. 2010 Andrea di Lernia

Using Ntop in collaboration with NetEye

ntop is a web-based traffic analyzer that can also be used as an sflow/netflow collector. It is designed to show all the traffic sorted per host/protocol/interface. On the surface this makes it similar to a netflow collector such as the one integrated into NetEye. In practice there are important differences that make NetEye a more flexible collector:
– ability to set specific traffic profiles, so that traffic matching a certain rule (e.g. traffic from network X on protocol Y) can be tracked individually
– ability to set up thresholds and trigger alarms based on them
– a persistent flow database that can keep track of flows for months, so that you get not only the metric value (as with ntop) but also evidence of the flows that generated it.
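To make the three points above concrete, here is an added sketch (not NetEye or ntop code) of a traffic profile with a threshold that returns the matching flows as evidence. The flow records, the `evaluate_profile` function and the threshold value are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample flow records (not real captures)
Flow = namedtuple("Flow", "src dst proto bytes")
FLOWS = [
    Flow("10.1.0.5", "192.0.2.10", "tcp", 120_000),
    Flow("10.1.0.9", "192.0.2.11", "udp", 900_000),
    Flow("10.2.0.7", "192.0.2.10", "udp", 700_000),
    Flow("10.1.0.5", "198.51.100.3", "udp", 400_000),
    Flow("not-an-ip", "192.0.2.10", "udp", 50),  # malformed exporter record
]

def matches(flow, network, proto):
    """True if the flow comes from `network` on protocol `proto`."""
    try:
        src = ipaddress.ip_address(flow.src)
    except ValueError:
        return False  # malformed record: never counts toward a profile
    return src in network and flow.proto == proto

def evaluate_profile(flows, cidr, proto, threshold_bytes):
    """Return (total_bytes, alarm, evidence) for one traffic profile.

    Hypothetical helper: the profile is "traffic from network X on
    protocol Y", the alarm fires when the byte total exceeds the
    threshold, and the evidence is the list of flows behind the total.
    """
    network = ipaddress.ip_network(cidr)
    evidence = [f for f in flows if matches(f, network, proto)]
    total = sum(f.bytes for f in evidence)
    # Largest contributors first, so an analyst sees what drove the metric
    evidence.sort(key=lambda f: f.bytes, reverse=True)
    return total, total > threshold_bytes, evidence

if __name__ == "__main__":
    total, alarm, evidence = evaluate_profile(
        FLOWS, "10.1.0.0/16", "udp", 1_000_000)
    print(f"profile 10.1.0.0/16 udp: {total} bytes, alarm={alarm}")
    for f in evidence:
        print(f"  {f.src} -> {f.dst} {f.bytes} bytes")
```

A counter-only tool would stop at the byte total; keeping the flow records is what lets you answer which hosts caused the alarm.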
As for NetEye vs nBox see the enclosed picture.

The nBox is a physical appliance that turns packets into netflows. It has to be deployed where the traffic is. Usually the nBox can access the traffic via a port span or a network tap (depending on your setup). The nBox generates flows and sends them to a central collector such as NetEye, which is still a physical nBox. Depending on your network capacity, NetEye can collect flows from multiple nBoxes and hence act as a netflow collector.

Andrea di Lernia

Profit Center Manager at Würth Phoenix
Hi everybody, I’m Andrea and my contribution to this blog is to give hints of the monitoring issue from an IT manager point of view. I was born in Bolzano in 1965 and my professional path started 25 years ago operating on the technical field as programmer, system/database administrator, network engineer, consultancy and so on. I’ve been living in Milan for 10 years working for multinational IT companies and I decided to return to Bolzano after my marriage and the birth of my daughter. I love sailing and diving in the summer, skiing in the winter and travelling off-road with my Landcruiser anytime
