It's crazy how much better the community edition is. If you don't force the community mode, CPU Idle was at 60%+ and accessing the site was constantly 100%.
yes, I succeeded on my RPI4 in Docker. Two errors needed to be resolved. First observation was an error which indicated that the image is not running on RPI4 (ARM64 Ubuntu). So I switched to jonbackhaus/ntopng image. However also this image resulted into an error. This error did I track down to a bug in Ubuntu of which a workaround exists. Using the --dont-change-user command in the yml file did the trick. It's now working fine. :-)
Great video! Really like the interface and the granular drill down on data. Definitely can see this as a good solution when running multiple containers in a homelab. Thanks for sharing
Great tutorial, thanks a lot. One vital topic IMO which was in this tutorial is that... This doesn't server as a proper monitoring since you're installing it onto a docker server without any netflow import into it. This is just a host on your network and monitoring everything would require data from your router. I tried installing this on my pfsense router as a package, but the expierence was buggy as hell. I am not aware whether you can import traffic from pfsense to your docker container (I think that would require nprobe which is not free).
Great video! Thanks. I tried to install it inside docker that was inside an LXC container! yeah, not so much. haha I installed docker on 22.04 VM using your info on installing docker and it worked like a charm! Thank you. I need to more with docker. I use LXC on Proxmox with great success. The updated version of this since your video is really impressive. Two thumbs up!
It's a shame that Nprobe-NG is not part of the Community edition.. I could send my Netflow data from my Mikrotik routers to it. I guess I'll keep using PRTG for my home net.
Fascinating program but got the impression it only gave info about connections with the host machine, I might be wrong on that though but guess network adapter might have to be in promiscuous mode. So much info though that one might get paranoid about what is going on 😎
@@AwesomeOpenSource Thanks for the prompt reply. Sorry, it's my mistake, "docker ps" didn't show the port, but was listed in localhost, and my vpn blocked the browser login. Good work.
Still getting "bad gateway" errors when attempting to access the show notes for this video. The only way to copy the docker conpose file provided is by copying it off the video.
Sorry, I'm migrating my shownotes to a new wiki, and it's going ever so slow lately. I'm working backward through my catalog, and this was a pretty early video, but I'm getting there. I'll direct link you when I get it moved.
Cool video. Does NTopNG require a lot of RAM and CPU to run ? Right now I´m using ElastiFlow to monitoring my home network (approx. 15 physical units + 10 - 15 virtual machines) using netflow. But Elastiflow uses a lot of RAM (approx. 11 GB), and I´m looking for alternatives that is less RAM hungry.
thanks for this, looks like a great util ! curious where's the compose file ? don't see it in the notes nor on their site or docker hub. I'll try to scrape it from the vid now...
I've used firefox with it, but there could be all kinds of reasons. if you can replicate issues, definitely put in good bug reports with the project so they can fix it.
You can secure it with credentials, keep on exposed only internally, and even put something like Authelia in front of it for extra authentication if needed. Just depends on your company’s policies.
I find the output of 'ip addr show' to be way too verbose for what I usually need. I usually use the 'brief' option to cut it back to the essentials; e.g. 'ip -br a' gives me - lo UNKNOWN 127.0.0.1/8 ::1/128 enp3s0 UP 192.168.1.11/24 fe80::a60:6eff:fed9:b0b7/64 virbr0 DOWN 192.168.122.1/24
I'm installed ntopng on a Raspberry Pi. How do you configure the network part of the Raspberry and the switch it's attached to? My idea is to connect the Raspberry twice to the switch: Once with a mirrored port (port to router mirrored) and one standard access port. Does the mirrored port need to have a native vlan? Does the mirrored port on the Raspberry need to get an IP at all?
i just installed this on my ubuntu server. one thing i noticed it only finds dhcp devices. is there a way to add my static devices? also another question is there a way to install this on unraid?
@@AwesomeOpenSource One thing I wonder. This could have been a mistake from my unexperience when I set up my homelab 3 years ago. I set my DNS IP to my router on my servers. Could that be something?
@@AwesomeOpenSource I think i know now why, if ntopng is installed on a host that is directly connected to a network port set up for mirroring, then ntopng alone can analyze the network traffic without needing nProbe. However, if you're collecting NetFlow data from a remote source, such as a virtual switch, and sending it to a host running ntopng, then you will generally need nProbe to act as the collector. In this scenario, nProbe gathers the NetFlow data and forwards it to ntopng for analysis. Could that be? But yes is see traffic or netflows, but i think ntopng cannot interpret it right
I am running it in my Docker environment , but as soon as i start the container - it cuts off my internet , even though i am connected to my wifi but can't do internet surfing, but i can see stats and all the things. any clue ?
If you'd like some help with it find me on Telegram @MickInTx, and I'll see if I can help. You might start by checking the docker logs, unless that's where you're seeing the restart listed.
Like so many videos the walk through of the product itself is kind of sort of well maybe this might let me click, perhaps. i.e. Not a scripted walkthrough. It's as if it was the first time you've ever looked at it. Install part of the video was useful.
Its not working. I have this error in the container log : standard_init_linux.go:219: exec user process caused: exec format error (seen via portainer UI). Running the docker ps command -> Container is in the status : Restarting. I have a raspberry PI 4 running docker on it (docker-compose version 1.21.0, build unknown ). Have you a solution for this issue? Thanks.
@@AwesomeOpenSource I use the .yml file to run it like you did. Here is what's inside the file : version: '3' services: ntopng: image: vimagick/ntopng command: --community -d /var/lib/ntopng -i eth0 -r 127.0.0.1:6379@0 -w 0.0.0.0:3410 volumes: - /srv/dev-disk-by-uuid-3fcbfa20-6ea1-4262-b010-9ee30c62c3a1/DossierPartage/Config/ntopng:/var/lib/ntopng network_mode: host restart: unless-stopped redis: image: redis:alpine command: --save 900 1 ports: - "6379:6379" volumes: - /srv/dev-disk-by-uuid-3fcbfa20-6ea1-4262-b010-9ee30c62c3a1/DossierPartage/Config/redis:/data restart: unless-stopped Note : The volumes are found on an external hard drive which is correctly mounted. I have other containers running properly using volumes like this. Is there any mistake in the .yml file?
Lost all the formatting in the comment, so hard to tell if something may be wrong there, but yml is very particular about formatting. I don't think it's the volumes.
If you want to go the Docker route like I did, you need to get Docker and Docker-compose installed in Windows first. Docker install is just a normal installer like any other Windows installer as I recall. Not sure about Docker-compose. Then run the same command I did, changing the interface name to your interface. In windows the command to see interfaces is ipconfig /all Then it should be up and running. I’m not a big Windows user, so I would have to create a VM to even try it. Let me know if the above doesn’t work, and I’ll see what I can do.
Installing this in Docker is a mistake. This application is available precompiled for most major distribution environments. It is updated regularly, so why add Docker which makes updating much more difficult?
@@AwesomeOpenSource That is a manual process that needs to monitored and performed. NTopNG has a fully integrated repo for the various installation styles that become simply a part of the overall machine update process. Docker just adds more work and doesn't improve anything.
@@AwesomeOpenSource image: vimagick/ntopng dont update for two years . Can we peplace image name to ntop/ntopng in your config file that you show in video and will it works?
Great video btw! much respect for your hard work! That one 1 min in 15:30 is a pcap file (Packet Capture as in WireShark) Quick question, is it possible you think to add two interfaces in the docker compose file? if yes, what would be the docker compose look like? @Synology:/$ ip -br a ovs_eth0 UP 10.0.12.16/24 ovs_eth1 UP 10.0.3.16/24 I have Synology NAS that is connected to two different networks at the moment.
Hello, I try installiing with Your docker-compose and have that error: ntopng-ntopng-1 | exec /usr/bin/ntopng: exec format error ntopng-ntopng-1 exited with code 1
It's crazy how much better the community edition is. If you don't force the community mode, CPU Idle was at 60%+ and accessing the site was constantly 100%.
Good info for future users.
This was the first tool i used in my begin, i love this tool , this tool helped me to solve many issues in my network
That's awesome!
Excellent application. Thank you. Note to add: Enable selected port in server firewall.
Great tip!
I just installed on my Ubuntu Server last night and so far, I am really impressed with it... Thanks AOS for making this video...
My pleasure! Glad it’s working well for you.
yes, I succeeded on my RPI4 in Docker. Two errors needed to be resolved. First observation was an error which indicated that the image is not running on RPI4 (ARM64 Ubuntu). So I switched to jonbackhaus/ntopng image. However also this image resulted into an error. This error did I track down to a bug in Ubuntu of which a workaround exists. Using the --dont-change-user command in the yml file did the trick. It's now working fine. :-)
That is excellent, and thank you for sharing so others can tackle it with some guidance.
Do you know of a guide I could use to install this on a Raspberry Pi?
Great video! Really like the interface and the granular drill down on data. Definitely can see this as a good solution when running multiple containers in a homelab.
Thanks for sharing
My pleasure as always.
Your videos are simply Awsome!!!! Many thanks.
So glad you enjoy them.
AWESOME as always! Very good work and a useful tool for any professional IT person. Thank you very much.
My pleasure! Glad you enjoyed it!
Just stumbled on your channel… Great content.. Thank you, Sir!
Thanks for watching!
@@AwesomeOpenSource Thank you for posting, and keeping us educated!
Great tutorial, thanks a lot. One vital topic IMO which was in this tutorial is that... This doesn't server as a proper monitoring since you're installing it onto a docker server without any netflow import into it. This is just a host on your network and monitoring everything would require data from your router.
I tried installing this on my pfsense router as a package, but the expierence was buggy as hell. I am not aware whether you can import traffic from pfsense to your docker container (I think that would require nprobe which is not free).
To do a proper netflow you need nProbe in the middle.
Great video! Thanks. I tried to install it inside docker that was inside an LXC container! yeah, not so much. haha I installed docker on 22.04 VM using your info on installing docker and it worked like a charm! Thank you. I need to more with docker. I use LXC on Proxmox with great success. The updated version of this since your video is really impressive. Two thumbs up!
Glad you got something out of the video. Yeah, when you get docker in LXC, in proxmox, networking can be a bit of a pain.
@@AwesomeOpenSource Very true indeed I want to figure it out though. I'll get there. Thanks again
Use the -br(ief) option to „ip s a“ to prune that output down when you look for interfaces
Yeah, still learning about the ip commands. I'm still really mising ifconfig...the layout was much cleanre IMO.
It's a shame that Nprobe-NG is not part of the Community edition.. I could send my Netflow data from my Mikrotik routers to it. I guess I'll keep using PRTG for my home net.
is your server/PC is serving as gateway? or how does others device info is showing up here? is there any SNMP or other configurations needed? Thanks
No, no other config needed. This uses nmap to scan the network and get information about other devices.
@@AwesomeOpenSource Okay thank you so much.
I didn’t think it was possible to get all that infos by simply installing ntop onto a “leaf” node of the home network... how does this work?? Unreal.
@@enricollen I think it catch the broadcasted traffic between devices and build up the information
Fascinating program but got the impression it only gave info about connections with the host machine, I might be wrong on that though but guess network adapter might have to be in promiscuous mode. So much info though that one might get paranoid about what is going on 😎
I think it may set the adapter in the background somehow, but not sure.
It’s available as a package in pfSense
Very cool!
Good content
Thank you!
Can you install this on a Raspberry Pi? Are there any guides for that. I have a Macbook but it’s not accessible 24/7 like the Raspberry Pi is.
I believe they have an arm version. You'd use their docker kit, like I did, but make sure to use the image built for Arm.
Thanks for the video, I tried on docker 23.0, the container is running but the port is not getting exposed. Any advice?
No. I haven't tried to set this up in a while. I'm sorry. Did you make sure to set the proper interface name in the command on the compose file?
@@AwesomeOpenSource Thanks for the prompt reply. Sorry, it's my mistake, "docker ps" didn't show the port, but was listed in localhost, and my vpn blocked the browser login. Good work.
Nice looking utility. Unfortunately, it's only for x86 machines. My network contains mostly ARM machines.
Maybe the container is only built from x86? On this page under tech specs it shows ARM. www.ntop.org/products/traffic-analysis/ntop/
Still getting "bad gateway" errors when attempting to access the show notes for this video. The only way to copy the docker conpose file provided is by copying it off the video.
Sorry, I'm migrating my shownotes to a new wiki, and it's going ever so slow lately. I'm working backward through my catalog, and this was a pretty early video, but I'm getting there. I'll direct link you when I get it moved.
Here is the new page: wiki.opensourceisawesome.com/books/ntopng/page/ntopng-network-analysis-dashboard
Cool video. Does NTopNG require a lot of RAM and CPU to run ? Right now I´m using ElastiFlow to monitoring my home network (approx. 15 physical units + 10 - 15 virtual machines) using netflow. But Elastiflow uses a lot of RAM (approx. 11 GB), and I´m looking for alternatives that is less RAM hungry.
I don't recall it needing much ram, no.
@@AwesomeOpenSource Thanks, I will give it a try.
Please, make video about Shadow Daemon WAF
Let me look into it, and learn about it, and I'll see about a future video on it.
thanks for this, looks like a great util ! curious where's the compose file ? don't see it in the notes nor on their site or docker hub. I'll try to scrape it from the vid now...
found it: this is the correct link to dockerhub: hub.docker.com/r/vimagick/ntopng
Sorry, still working on show notes. Should be posted in about 45 minutes. I’ll add the link to the description when it’s ready.
Shownotes are now on the description. Enjoy!
Great vid thanks
You bet.
Hi there , with this network monitor can we monitor every user which software or application are using on the private network ? thnx
I don't think it will tell you that specifically, no. Really more for bandwidth usage statisitics, etc.
@@AwesomeOpenSource thanks, do you know any plugin or apps on pfsense???
awesome!
Thank you! Cheers!
My GUI is buggy for some reason. Not sure if that's a Firefox issue.
I've used firefox with it, but there could be all kinds of reasons. if you can replicate issues, definitely put in good bug reports with the project so they can fix it.
Is it secure for big private organisations network monitoring purposes?
You can secure it with credentials, keep on exposed only internally, and even put something like Authelia in front of it for extra authentication if needed. Just depends on your company’s policies.
can NtopNG b used to limit internet speed per IP, for a defined private ip assigned to a user?
I don't think so. It's really more for monitoring as far as I know.
I find the output of 'ip addr show' to be way too verbose for what I usually need. I usually use the 'brief' option to cut it back to the essentials; e.g. 'ip -br a' gives me -
lo UNKNOWN 127.0.0.1/8 ::1/128
enp3s0 UP 192.168.1.11/24 fe80::a60:6eff:fed9:b0b7/64
virbr0 DOWN 192.168.122.1/24
What a great tip! I will definitely be using the brief version in the future.
I'm installed ntopng on a Raspberry Pi. How do you configure the network part of the Raspberry and the switch it's attached to? My idea is to connect the Raspberry twice to the switch: Once with a mirrored port (port to router mirrored) and one standard access port. Does the mirrored port need to have a native vlan? Does the mirrored port on the Raspberry need to get an IP at all?
Not sure, but you will likely want an IP so the software can know what network(s) to reach out onafor information.
@@AwesomeOpenSource thanks for your answer! I'll try to test it
can you monitor more than 1 network interface ???
You can set it to monitor more than 1, but you switch between them in the upper left of the GUI.
does this work on raspberry pi 3 using raspOS aka buster
Should, check out this page packages.ntop.org/ for their binary downloads.
i just installed this on my ubuntu server. one thing i noticed it only finds dhcp devices. is there a way to add my static devices? also another question is there a way to install this on unraid?
Hmmmm. I feel like I've seen traffic from devices that are static, but maybe it's the way I set them on my network, so not sure.
@@AwesomeOpenSource One thing I wonder. This could have been a mistake from my unexperience when I set up my homelab 3 years ago. I set my DNS IP to my router on my servers. Could that be something?
i can't even use the filter...i click on it and nothing happens..till now ntopng doesn't convince me
Sorry to hear that. Not sure why that may be happening. Are you seeing the traffic on your network devices?
@@AwesomeOpenSource I think i know now why, if ntopng is installed on a host that is directly connected to a network port set up for mirroring, then ntopng alone can analyze the network traffic without needing nProbe. However, if you're collecting NetFlow data from a remote source, such as a virtual switch, and sending it to a host running ntopng, then you will generally need nProbe to act as the collector. In this scenario, nProbe gathers the NetFlow data and forwards it to ntopng for analysis.
Could that be?
But yes is see traffic or netflows, but i think ntopng cannot interpret it right
I am running it in my Docker environment , but as soon as i start the container - it cuts off my internet , even though i am connected to my wifi but can't do internet surfing, but i can see stats and all the things. any clue ?
That is definitely a strage one. Not sure why it would interrupt your internet connectivity.
Not sure why it wont work for me. Just shows the docker containers as restarting.
If you'd like some help with it find me on Telegram @MickInTx, and I'll see if I can help. You might start by checking the docker logs, unless that's where you're seeing the restart listed.
@@AwesomeOpenSource its telling me docker.errors.DockerException: Bind address needs a port :127.0.0.1.. Im pretty new at linux
Is it different from pfSense ntop?
I'm guessing no. as ntop is ntop - this is just ntop next gen, so basically built ont he same stuff.
Like so many videos the walk through of the product itself is kind of sort of well maybe this might let me click, perhaps. i.e. Not a scripted walkthrough. It's as if it was the first time you've ever looked at it. Install part of the video was useful.
Indeed, a lot of the stuff was a first run through for the UI side. I've been working to improve on that more recently.
Its not working. I have this error in the container log : standard_init_linux.go:219: exec user process caused: exec format error (seen via portainer UI).
Running the docker ps command -> Container is in the status : Restarting.
I have a raspberry PI 4 running docker on it (docker-compose version 1.21.0, build unknown
). Have you a solution for this issue? Thanks.
No. Cant say I do, but it sounds like a go issue possibly. Did you get the right version in the Docker command? I mean as in Arm version?
@@AwesomeOpenSource I use the .yml file to run it like you did. Here is what's inside the file :
version: '3'
services:
ntopng:
image: vimagick/ntopng
command: --community -d /var/lib/ntopng -i eth0 -r 127.0.0.1:6379@0 -w 0.0.0.0:3410
volumes:
- /srv/dev-disk-by-uuid-3fcbfa20-6ea1-4262-b010-9ee30c62c3a1/DossierPartage/Config/ntopng:/var/lib/ntopng
network_mode: host
restart: unless-stopped
redis:
image: redis:alpine
command: --save 900 1
ports:
- "6379:6379"
volumes:
- /srv/dev-disk-by-uuid-3fcbfa20-6ea1-4262-b010-9ee30c62c3a1/DossierPartage/Config/redis:/data
restart: unless-stopped
Note : The volumes are found on an external hard drive which is correctly mounted. I have other containers running properly using volumes like this. Is there any mistake in the .yml file?
Is it beacause there is no shebang in the dockerfile?
@@abdus-samad5 I don't think that's it, but possibly. I just did the steps I showed you.
Lost all the formatting in the comment, so hard to tell if something may be wrong there, but yml is very particular about formatting. I don't think it's the volumes.
BPF = Berkley Packet Filter
Thank you very much.
how can i use NTOP to monitor devices in windows ??
Please make this using windows
If you want to go the Docker route like I did, you need to get Docker and Docker-compose installed in Windows first. Docker install is just a normal installer like any other Windows installer as I recall. Not sure about Docker-compose. Then run the same command I did, changing the interface name to your interface. In windows the command to see interfaces is
ipconfig /all
Then it should be up and running. I’m not a big Windows user, so I would have to create a VM to even try it. Let me know if the above doesn’t work, and I’ll see what I can do.
@@AwesomeOpenSource k thanks ..let me try me this
Installing this in Docker is a mistake. This application is available precompiled for most major distribution environments. It is updated regularly, so why add Docker which makes updating much more difficult?
Updates in docker aren't hard. just do 'docker-compose pull' then 'docker-compose up -d' again. done.
@@AwesomeOpenSource That is a manual process that needs to monitored and performed. NTopNG has a fully integrated repo for the various installation styles that become simply a part of the overall machine update process. Docker just adds more work and doesn't improve anything.
@@AwesomeOpenSource image: vimagick/ntopng dont update for two years . Can we peplace image name to ntop/ntopng in your config file that you show in video and will it works?
Great video btw! much respect for your hard work!
That one 1 min in 15:30 is a pcap file (Packet Capture as in WireShark)
Quick question, is it possible you think to add two interfaces in the docker compose file? if yes, what would be the docker compose look like?
@Synology:/$ ip -br a
ovs_eth0 UP 10.0.12.16/24
ovs_eth1 UP 10.0.3.16/24
I have Synology NAS that is connected to two different networks at the moment.
Hello, I try installiing with Your docker-compose and have that error:
ntopng-ntopng-1 | exec /usr/bin/ntopng: exec format error
ntopng-ntopng-1 exited with code 1
OK, meybe for RaspberryPi there's different setup. I install on laptop and works now.
I would guess for Pi, you need to specify an arm version of the image.