NTopNG - A Free, Open Source, Self Hosted, Network Monitoring and Analysis Tool.

Video Statistics and Information

Captions
[Music] It's your open source advocate, and I'm back with another video. Today I wanted to talk about a product called ntopng, or n-top NG. So it's based on ntop, and it uses ntop in the background. But sorry for the dog's barking, it's not usually there, so if you hear it, I apologize. But, um, so talk about this: it's a high-speed web-based traffic analysis and flow collection, and it gives you a nice browser-based view of what ntop is collecting. So if you want to kind of scroll down through here, you can see all the things that you can do with it and see on it, but basically it sorts network traffic according to a lot of criteria. You can show real-time network traffic and active hosts, you can produce long-term reports, top talkers on your network, monitor, report live throughput. So as we go through, you'll see it's a lot of reporting, a lot of monitoring and analyzing, so you can just do tons of things with this software, which is pretty great.

And again, you can just run it in Docker and then tell it how to access your network, which is pretty awesome as well. So we'll use Docker and Docker Compose like I do on most of my videos, and don't worry, I'll put a link in the description for how to install Docker and Docker Compose if you don't already have those installed. It's really not that tricky, but it's a really nice bit of software, and you can just open it up in a browser and view it from anywhere, basically, which makes it really great.

So if you're looking for something a little bit more than what they offer in the community edition, you do have these other options that do give you more capabilities, so it may be worth it for you depending on what you're trying to see and what you're looking at. I'm just using this on my home network. I don't have an enterprise-level network or anything, or university, but it might be worth looking at their paid options if you're interested in what else you can get out of this. I mean, there's just a ton of stuff that you can actually use with this
thing. But when you get into the installation of it, there are several ways you can do it, but I actually did it through Docker. So down at the bottom there's a bunch of screenshots here, and we can go through the screenshots, but I'd really just show it to you live. So let's get into the install and we'll go through that process with Docker and Docker Compose.

I want to say thank you to all of my subscribers and all of my patrons over at Patreon. Seriously, you guys make this so worth it for me to do these videos every week. I really truly enjoy it, and I just can't say thank you enough. If you're enjoying these videos, subscribe. Let YouTube know that I'm doing a good job by subscribing to the channel, plus you'll get notified when I have new videos coming out. And finally, if you're enjoying what I'm doing, give it a like. Just click on that thumbs up, and that way YouTube knows that you like it and they'll pass it along to other people that might enjoy my content as well. I really appreciate it. Thank you again. Let's get started.

Let's get into this install. So I'm going to open up my terminal here. I'm already SSH'd into my other system, but I'm going to go back to my home directory here, so I'm just going to show you, ls, that it's in the home, and I'm going to clear it out. And you want to do this first: mkdir. Name this directory whatever you want, you're just making a folder. I call it ntopng so it's easy to identify, and then hit enter so that you get a new directory. And if you do an ls, you should see a folder that looks like this, and then if you do cd ntopng, it should give you something like that if you tab, or you can just type out ntopng, hit enter, and you'll be inside of that directory.

Now if we do an ls, you'll see that I have a docker-compose.yaml file, so you'll want to do the same thing, you want to create that. If you do ls, it's going to be empty, so you want to do nano docker hyphen compose.yml. Type that out, and once you're ready, hit enter. Now yours will be empty, but in my show notes
I'm going to have this where you can go and actually copy it and paste it instead of having to, you know, copy it down and type it all by hand. But I want to go through the file anyway so you have a chance to look at it.

So if we look here, it's version 3 of Docker Compose, and then the services are ntopng, and here's the image that we're going to be pulling down. And then the command is, we're going to use the community version, and it's going to run as a daemon, and var lib ntopng is how it starts. And then this is telling it what interface to use. So this is my wireless interface on one of my other machines, so I'm going to have to replace this in a minute with the actual wired interface on this machine that we're about to use. And then it says dash r, and this just tells it localhost, and then here is the port for the Redis database that it uses as well. So don't change this part right here, just leave this alone.

So this uses port 3000 by default. We want to change this, or I do. If you're already using 3000 for something else, which I am, you need to change this to a different port. So I'm going to change this to 3410, and we'll just let that be the port that we're going to use. So 3410 is my port. And then I also need, so I'm just going to move down, and we'll come back and change that interface here in just a minute. So we'll change this right here in a minute to what we need, and I'll show you how to find your interface name.

This is where it's going to create volumes, so we're going to create a data folder inside of the current ntopng folder, and then it'll create this other one that it needs. But we're going to create this one just to have it there. You don't really have to, it'll do it, but I like to do that. Network mode equals host, so this wants to use the host network, and it has to, to be able to reach out onto the rest of your network, or else it won't be able to find that host network. And then restart unless stopped, so this just means, like, unless I stop
this thing intentionally, if I reboot the machine, anything like that, it's going to restart this Docker container.

The Redis is the database back-end, so it's going to pull down the Redis Alpine image, it's going to run that command, and then it's going to use this port to communicate, which is fine. I don't have anything else using that port currently that I'm aware of. And then Redis data, and restart unless stopped, same way. So we'll be good as far as this goes. So it's going to use the data folder for both containers, which is great, and it'll create the subfolders that it needs. So we're going to just save this file with Control-O, hit enter to save, and then Control-X.

So first I'm going to make the data directory. That's it. Now you see there's a data directory and a docker-compose.yaml, and I'm going to clear that out. And then we're going to do an ip addr show. This is just going to show you all of your interfaces with your IP addresses, and I have a whole bunch of bridges that are based on the Docker stuff, so we're just going to scroll up through this until we get past all of these Docker bridges. And we're really looking for our Ethernet, in my case. If you're looking for your wireless, we'll also find that, but we're just kind of going through and checking what all these are. I'm going to get way up here to the top, because I think it's one of these first ones, which it is. So here's my wireless, which is wlp3s0, so if I wanted to use that, this is what I would use. But I actually want to use my Ethernet, so it's this one. en01 is the name of the interface, so that's what I want to go back and put into that Docker Compose file.

So, en01, and I'm going to go back into the Docker Compose, so nano docker hyphen compose.yaml. Here, I'll clear this out so you can see what we're doing right here. And I'm going to go down to this line, and I'm going to get rid of that wireless interface name, and I'm going to put in my actual wired interface, because it'll be a bit faster. en01. I'm going to
save this, Control-O to save, Control-X to exit out of nano, clear that out, and now we're just going to do docker compose up hyphen d. So docker hyphen compose and then up hyphen d. So this assumes that you have Docker and Docker Compose installed already and ready to go. And we're going to let this run. It's going to go pull down the images that it needs. So it says the Redis one is done, so we can do a docker ps and we can look through these to see if we see ntopng. We see Redis and we see ntopng, and it says that it's been up for 10 seconds. That's a good sign.

So now we can go to our browser again, and we should be able to access that site at 192.168, in my case, .7.125. This is the IP address of my server, so whatever you're running this on, on your network, you want to go to that IP address, or if it's on the machine you're actively working on, localhost is fine. And then I used port 34, I think it was, 10. We can go check, that's an easy enough thing to do. Um, docker compose yaml. Well, yeah, 3410 is the port that I use, so I'm going to hit Control-X there to get out of that. We've got that address in, and I'm going to hit enter.

Here we are at the web page. So we're going to use these default username and password to log in the first time, and then we'll change those. And we're going to click on login, and here it's telling us change the password. So I'm going to say don't save, and I'm going to tell this not to save. So I'm going to make this a strong password, and then you repeat that strong password, pick the language that you prefer, okay, and then we're going to hit change password. And you could save it at this point if you want to. I'm not going to.

So it's going to talk about the top new talkers, and you see as it runs it's going to bring in more data and more information here for us, which is great. Um, it's going to start mapping out information from the network. And here I'm just going to say, oh, let's see, oh, it's asking us to contribute to the project by sending encrypted data, so I'm
just going to say close for now. That's fine, I don't need to do that.

So we can kind of check out the interface here, and you can see some different information about what's going on with the interface. And I want to make this, I'm going to blow it up. It may kind of mess up the interface by doing this, but that way you guys can see exactly what's going on here. So here you can see 6.9 kilobits a second, 17 up, kilobits per second, down and up. This is the 6.9. And then we can kind of look, and we only have this one because we don't map all of them, so we're just using that one thing. And then it says community edition, and it tells us, you know, 12 flows, uh, five flows that may be critical, 59 devices, you know, 16, uh, remote hosts, let's see, 15 local hosts, 41 devices, and 81 flows here. So it kind of breaks this out.

And I think if we click, yeah, so it'll take us to the 14, uh, or the 11 flows there. And it keeps popping this up, so you can just close it. But it says, you know, mDNS, so it's going to kind of tell you here's your 7-2 or 7.24 with mDNS, and it'll kind of tell you what's going on. There's the duration, here's the breakdown, uh, bits per second. So I had it zoomed in so much it can be hard to see all the data that's provided whenever you look at this, but here now you can see kind of what's going on on this chart. So I'll zoom it back in a little bit to make it easier, but you can see here's the count of what's going on, or you can say increase how many things I see. So now we've got it up to 20.
You can change to hosts, and you can say all hosts, localhost, remote only, you know, local client, remote server, local server, remote client, that kind of thing. So we can click on that and see if it filters it to what we wanted. It doesn't really show us anything, so we go back to all. And then you can look at status: normal, all, alerted, flow risk. You can look at severity here, which is nice. They give you a count to tell you, hey, what's going on. So we can look at warnings, and you can do it by warnings, you can filter by warnings, um, and then direction. So just so many things you can filter by out here. Um, so it's really a great kind of easy way to look at things, and you've kind of got this constant information up here that's getting updated as you go. I mean, you can always keep an eye on what's going on with your traffic here.

So when you get alerts, you can kind of click on this and see if there's any detected alerts. I don't think there are yet. Oh yeah, there's a few things here. So I've got a warning, right: unexpected device connected. So unexpected MAC address, device living room connected to the network. So it says it's an unexpected device, but it's not. I know what this is, this is my Apple TV. Um, so there's several things on here. Some of these are going to be my, uh, my wife's, like my wife's iMacs. I'm not sure why it thinks these are unexpected, but I could dig in and start looking to figure it out and start cleaning this up so that I get a better network diagram as well, and better, fewer alerts.

So we can look at the flow alerts here, and it tells us malformed packet, so it's coming from this MAC address. And so you can just really kind of dig in and look at what's going on on your network. And again, I'll zoom this out a little bit so you can just see that there's icons there. So this is a really interesting looking chart, and you get a lot of information here out of it whenever you start kind of looking at this thing. So you can really kind of dig in, and then you have this little gear icon
that will take you to kind of look at everything that it's talking about and what it's doing. And you can kind of say the DPI flow risks, so you can enable, disable this flow risk stuff, and you can kind of click through here to say, you know, what are the things: suspicious DNS traffic, you know. So these are all selected by default, but you can change this, and then you can hold down the Control key to multi-select the things that you're interested in and see how that turns out. So maybe you're not interested in everything here, but you're really interested in just a few things, and then you can apply that and make that change. Now I'm going to say cancel for now.

Yep, so as you're clicking through, there's all these things over here on the side that you can kind of check out. So there's flows, and then there's hosts. So this is really interesting to me, like what hosts are on my network. Now, I can see this through the Eero app, but it's on my phone and it's super tiny. Um, this is very interesting to me because I can kind of get it to go and pick up all the hosts on my network, and here's the IP address. So some of these are IPv6 addresses, as you can see, and then I think maybe we can filter this. Let's see, yeah, IP version, there we go, IPv4 only. So there we go, I've cut out all the IPv6 stuff, and here's the IPv4. So you can kind of go check this out. Here's 255, you know, and I can see what this machine is doing, and it says received zero bits. 253, 250, 242. So if I click into it, I can see more information about it, and this is my wife's iMac. So you can kind of see a little bit more information about this actual machine here on my network. Um, and then we can go back and just continue through that log.

So, I mean, I think this is a really awesome program for doing some network analysis stuff. So you can go by MAC addresses, networks. So I don't have multiple networks, I only have one network technically, so that's kind of what you're going to see here. So the IPv6 network and IPv4 network
get picked up as different networks, but I do only have one network. So we can click on this and you can again see all of the hosts.

So as we keep going down, here's this interface option, so you can kind of see the different information about the interfaces that you're looking at and what's going on. So you can kind of just check out this part as well, and there's stuff that you can download here. So you've got a BPF filter, bits per, I don't know, one minute, it's doing everything one minute. Um, so if you go down to settings, you've got users, you've got preferences, you've got user scripts, you've got manage configurations, manage data, applications and categories, category list. So there's quite a bit of settings that you can also put into this.

So if you click on users, you'll see that here's the admin user, and you can create a new user for yourself if you don't want to use the admin user. Oops. If we go to preferences, so there's quite a few preferences that you can set here as well. So you can have minutes, hours, days for different things. So basically authenticated session duration, authenticated session timeout, so you kind of set these things up for how long people are authenticated. And then you can go to time series, so time series driver, traffic, layer 7 applications, alerts. Applications, we can go look at applications as well, so top HTTP sites, and you can see what all the top sites are as far as that goes, and you can turn that on or off if you want to see those things.

The logging that happens here, so log level, you can trace log, you can do HTTP access log, and you can do host pool events log. Network discovery, telemetry, user interface settings, so auto log out, the theme. I don't know that we really can change, I guess we can do dark, maybe. I don't know if that just gets applied or if we have to apply it. Save. There we go, so there's the dark theme if you prefer that one. Default, I think, is the light theme. Yeah. Maximum displayed string length, and then access control list, and then
finally miscellaneous items: throughput units, hosts, and mask host IP address.

So up in the upper right you can see where you're logged in, and you're logged in as, you can toggle your theme here as well, and then of course you can log out if you want to. And then there's also search, where you can search through all the different things in the system. So here you can kind of filter down to the hosts, to the ports that are of interest, and to the applications, so you can kind of do a whole lot of things here. So mDNS, HTTP, unknown, and other. And when you look at hosts, you kind of see the different information about the different hosts that are doing things. So here's 7.215 and 125, so this is the host that's actually running this application right now.

If you're a network administrator or someone who's interested in what's going on on your network, I think this is a really amazing tool. It's open source, you can get the community edition, you can run it just like I did and let it start running on your network. And I want you to think about the possibilities of this, not only from the perspective of, hey, I'm running it on my local network to see what's happening, but what if you have a distributed network where you connect to things through a VPN, maybe WireGuard or OpenVPN, and you're connecting to a network that's a little bit broader than this one, where you can have communication between those systems and have something check that network. I think this could be a really cool tool.

In order to kind of update what you're looking at, you come back to your terminal here and you open up your Docker Compose file, and on this line right here, instead of saying en01, you would go back into that interfaces list that we did a while ago with the ip addr show, find the interface for your VPN while it's connected, type it in here, and then bring that interface up so that you can actually see that interface as well.

So my network's not super exciting. You can see as it updates here about every five
seconds, it gets a little bit more information on the dashboard. But if you didn't notice, down here are some controls where you say, you know, I don't want this to keep updating, I want to see this detail. So if you have a lot more stuff going on, you can just hit this pause, and that should pause it from updating, I think, or stop, maybe. There we go, yeah. So if you hit the stop, it should stop it from updating, and you can kind of take a look and see what's going on with these things and kind of get a look at what's happening. So 2 15 24 173, my main system here that I'm on seems to be getting picked up by name, which is great. And then up here is 220. I'd have to go look up what 220 is because I don't remember off the top of my head. But then we can hit play again, and it'll start picking up again and going live.

You can also change how often it updates, so if you don't like five seconds, you prefer 30 seconds or one minute, whatever, you can change it to that, or you can set it to never. So kind of up to you on that one. I like the five seconds, that's pretty great. Now, it depends on how big that database is going to get as it keeps running at that rate. Um, so I don't know if Redis will automatically kind of get rid of that stuff, but there's probably settings where you can set that as well.

And then you can of course see the notifications up here, so December 10th, you know, they've got some different stuff happening. So this is really ntop telling you, hey, there's a few things that you could take part in and really look at, which I think is kind of cool that they do this as well. So yeah, not a bad little item or addition as well.

So that's ntopng. I hope you enjoyed this video, I hope you get a lot out of the information that I gave you, and if you're interested in network analysis, I think this is a really awesome tool. And again, just from a web browser you're able to do this. So you start running this on one of your machines with Docker and Docker Compose and just kind of let it run
and then get out there and analyze your network and see what's going on. If you're a network administrator and you're looking for a great tool, I think this one's pretty great, and I think, you know, if you're looking for more than this offers in the community edition, it could be worthwhile to check out those paid options as well, and help support the project and help support the group that's making this. So give that a shot, check it out. If you want more, look into the pricing and see if it fits your needs.

If you enjoyed this video, like, subscribe, click the little bell icon so you know when I put out new videos in the future, and tell your friends about it so they can come along on the journey with us. And I'll talk to you next time. [Music]
Info
Channel: Awesome Open Source
Views: 19,481
Keywords: open, source, opensource, open-source, self, hosted, selfhosted, self-hosted, free, libre, software, server, web, internet, browser, linux, mac, macos, os x, windows, microsoft, unix, bsd, ios, android, pi, raspberry, desktop, digital, ocean, digitalocean, vps, tutorial, how to, setup, installation, instructions, cli, command line, terminal, interface, open source software, open source news, open source projects, flow, analysis, traffic, network, ntop, ntopng, docker, docker-compose
Id: sJkLmjaj02E
Length: 21min 38sec (1298 seconds)
Published: Tue Jan 12 2021