High-Speed Network Traffic Monitoring Using ntopng

LISA: Where systems engineering and operations professionals share real-world knowledge about designing, building, and maintaining the critical systems of our interconnected world.

The LISA conference has long served as the annual vendor-neutral meeting place for the wider system administration community. The LISA14 program recognized the overlap and differences between traditional and modern IT operations and engineering, and developed a highly-curated program around 5 key topics: Systems Engineering, Security, Culture, DevOps, and Monitoring/Metrics. The program included 22 half- and full-day training sessions; 10 workshops; and a conference program consisting of 50 invited talks, panels, refereed paper presentations, and mini-tutorials.

Mini Tutorial
Friday, November 14, 2014 - 11:00am-12:30pm

Luca Deri, ntop / IIT-CNR

Luca Deri, ntop / IIT-CNR

Luca Deri is the leader of the ntop project aimed at developing an open-source monitoring platform. He previously worked for University College of London and IBM Research, prior receiving his PhD at the University of Berne. When not working at ntop, he shares his time between the .it Internet Domain Registry (nic.it) and the University of Pisa where he has been appointed as lecturer at the CS department.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@conference {209049,
author = {Luca Deri},
title = {{High-Speed} Network Traffic Monitoring Using ntopng},
year = {2014},
address = {Seattle, WA},
publisher = {USENIX Association},
month = nov
}
Download
View the slides

Presentation Video 

Description: 

This tutorial focuses on ntopng, an open-source traffic monitoring application designed for high-speed networks. ntopng’s key features are large networks real-time analytics, ability to characterize protocols, user traffic behavior, and identify application traffic. ntopng can identify network bottlenecks, trigger alerts based on thresholds, and merge data from multiple ntopng instances. ntopng can be enabled both on physical hosts and virtual machines, making it suitable for virtualized and cloud environments.

Who should attend: 
Network and System Administrators
Take back to work: 

After the tutorial, attendees will be able to deploy ntopng on their network and perform monitoring tasks using the ntopng tool.

Topics include: 
  • Introduction to network traffic monitoring: open issues and challenges
  • High-level design of ntopng
  • ntopng integration with commercial monitoring protocols such as NetFlow and sFlow.
  • Traffic monitoring best practices using ntopng