The web-based network traffic analysis tool ntopng and its application

1. Introduction to ntopng

ntopng is a web-based network traffic analysis tool, which can monitor and analyze network traffic in real time, provide a rich visual interface, and help users better understand network conditions and optimize network performance. ntopng supports multiple protocols and data sources, including TCP, UDP, HTTP, DNS, NetFlow, etc. It can conduct in-depth analysis of network traffic and provide real-time alarm and logging functions. The advantage of ntopng is that it is easy to install and use, with powerful functions and flexible configuration options, which can help administrators quickly identify network problems and take corresponding measures.


2. The official website of ntopng


3. The difference and connection between ntopng and ntop

Both ntop and ntopng are network traffic analysis tools developed by the same development team. The main difference between them is that ntop is command-line based, while ntopng is web-based, that is, ntopng provides a more modern and easy-to-use user interface.


ntopng is the successor of ntop, which improves and expands the functions and performance of ntop. ntopng supports more protocols and data sources, can analyze and monitor network traffic more finely, and provides more visual interfaces and real-time alarm functions.


In general, ntopng is an upgraded version of ntop, which provides a more modern and easy-to-use interface, and supports more protocols and functions.


4. Install ntopng

Here is installed by yum:

add warehouse

[root@DeveCode ~]# curl > /etc/yum.repos.d/ntop.repo

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100   364  100   364    0     0     53      0  0:00:06  0:00:06 --:--:--    84

[root@DeveCode ~]#

Install epel source

[root@DeveCode ~]# yum install epel-release

Install the package corresponding to ntop

[root@DeveCode ~]# yum clean all

[root@DeveCode ~]# yum update

[root@DeveCode ~]#

[root@DeveCode ~]# yum install pfring-dkms n2disk nprobe ntopng cento ntap

Loaded plugins: fastestmirror, langpacks

Loading mirror speeds from cached hostfile

  * base:

  * epel:

  * extras:

  * updates:

Resolving dependencies

There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you' ll have to try removing/installing packages by hand (maybe package-cleanup can help).



   cento.x86_64 0:1.18.230517-786 n2disk.x86_64 0:3.6.230517-5290 nprobe.x86_64 0:10.2.230517-8012 ntap.x86_64 0:1.0.230517-119 ntopng.x86_6 4 0:5.6.230517-20406 pfring-dkms.noarch 0:


Installed as a dependency:

   dkms.noarch 0:3.0.11-1.el7 elfutils-libelf-devel.x86_64 0:0.176-5.el7 jemalloc.x86_64 0:3.6.0-1.el7 kernel-devel.x86_64 0:3.10.0-1160.90 .1.el7 libatomic.x86_64 0:4.8.5-44.el7

   libnetfilter_queue.x86_64 0:1.0.2-2.el7_2 libsodium.x86_64 0:1.0.18-1.el7 libzstd.x86_64 0:1.5.5-1.el7 ndpi.x86_64 0:4.6.0-4220 ntop-license. x86_640:1.0-440

   ntopng-data.noarch 0:5.6.230517-20406 numactl.x86_64 0:2.0.12-5.el7 openpgm.x86_64 0:5.2.122-2.el7 pfring.x86_64 0:8.4.0-8267 radcli.x86_64 0 :1.2.12-1.el7

   redis.x86_64 0:3.2.12-2.el7 rrdtool.x86_64 0:1.4.8-9.el7 zeromq.x86_64 0:4.1.4-6.el7



[root@DeveCode ~]#

Install the PF_RING driver

PF_RING no longer includes the ZC drivers, so you can choose to install them.

[root@DeveCode ~]# yum install pfring-drivers-zc-dkms

Configure ntopng

The default configuration file for ntopng is usually located at /etc/ntopng/ntopng.conf. This file can be edited to configure parameters of ntopng, such as listening interface, log level, alert rules, etc.


listening interface

For example, if you want to listen on the eth0 interface, you can add the following line to your configuration file:


log level

The default log level of ntopng is 2 (warning level), you can adjust it to a higher or lower level as needed. For example, if you want to set the log level to 4 (debug level), you can add the following line to the configuration file:


alert rules

ntopng provides some alert rules that can trigger an alert when network traffic reaches a certain threshold. You can enable or disable these rules in the configuration file. For example, if you want to enable a DDoS alert rule, you can add the following line to your configuration file:


web interface

ntopng provides a web interface that can be accessed in a browser to view network traffic statistics. You can specify the port number and access password of the web interface in the configuration file. For example, if you want to set the port number of the web interface to 8080 and use the password "mypassword" for access, you can add the following line to the configuration file:

--http-port=8080 --http-password=mypassword


ntopng can write the collected network traffic data into the database. You can specify the database type, hostname, username and password in the configuration file. For example, if you want to write data to a MySQL database, you can add the following line to the configuration file:


The above are some common ntopng configuration items, which can be adjusted as needed. After modifying the configuration file, you need to restart the ntopng service to make the configuration take effect. You can restart ntopng with the following command:

systemctl restart ntopng

start ntopng

[root@DeveCode ~]# systemctl start ntopng

[root@DeveCode ~]# systemctl stop firewalld

[root@DeveCode ~]# 


The default username is: admin/admin




You must be logged in to post a comment.

About Author

This guy is lazy and left nothing behind.