Monitoring network traffic with ntopng

Eyes on the Network


As mentioned earlier, ntopng can generate alerts for certain events and for cases when thresholds are exceeded or not reached. Although supported events (e.g., adding a new device or contacting a malware host) are hard-coded in the program, you can set threshold alerts individually.

All alerts are displayed on the Alerts dashboard (Figure 5), where they can be filtered by time period and whether local or remote for a better overview. A click on the respective host IP address takes you to detailed information on the respective alert. Ntopng can also display all alerts in tabular form with Detected Alerts .

Figure 5: Ntopng generates alerts according to events and threshold values. Flow Alerts Explorer helps you detect suspicious traffic from a malware or botnet server, for example.

Furthermore, ntopng can both display the alarms in the web interface and forward them to third-party applications. The currently supported crop of applications is email, Slack, Syslog, Nagios, and web hooks. The web hook option provides a universal HTTP interface for encoding alerts as JSON messages and passing them to an HTTP endpoint. Depending on certain alerts, the web hook can be used to control systems with a RESTful API (e.g., firewall or network management systems) and trigger certain responses.


Ntopng helps administrators monitor their networks and provides detailed information on bandwidth usage and the protocols and applications used, as well as deep insights into network traffic. The tool is indispensable for troubleshooting network problems.

The cost of Professional and Enterprise versions are very manageable, and both offer considerable advantages over the free Community edition. Unfortunately, the Windows version contains significantly fewer features than the Linux version.


  1. ntop:
  2. ntopng Edge (nEdge):
  3. ntop for universities, nonprofit organizations, and research institutions:
  4. ntopng versions:
  5. Licenses for Professional and Enterprise editions:
  6. Download:
  7. Instructions for Let's Encrypt:

The Author

Thomas Zeller is an IT consultant and has been involved with IT security and open source for 15 years. He is the author and coauthor of OpenVPN Compact and Mind Mapping with Freemind . In real life, he is the managing director of a medium-sized IT system integrator, where he is also responsible for the IT security division.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=