User Guide

Concepts

Overview of ntopng and NetEye Integration

NetEye includes the ntopng software to allow for inspection of networks flows. The module can be accessed using Single Sign On.

On NetEye, both ntopng and nProbe are running, with the latter being in Collector Mode, i.e., it only collects flows sent to the 6363 port and sends them to ntopng. Flows are collected by nProbe from any capable network device–including, but not limited to, switches, servers, printers, workstations) that can be reached within the local networks accessible by NetEye.

Collected flows are sent to ntopng as ZMQ streams and processed; if additional nProbes are installed on the local network, they can be configured as well to send their flows to ntopng.

The official documentation of ntopng and nProbe contains more information about their architecture.

The user interface on ntopng can be reached by clicking on the menu item on the left-hand side. Depending on the roles of the users accessing the module, the available options and features accessible may vary. Please check the next section for more details about the permissions.

NetEye - ntopng schema

Fig. 148 NetEye - ntopng schema