As people are sometimes confused by the various options the ntopng tools offer, this post is an attempt to clarify them on a single page.
Use Case | Product |
---|---|
Collect flows (sFlow and/or NetFlow) and dump them to disk or send them to a remote collector | nProbe (any version). Better to use nProbe Pro if you have proprietary flows. Check the nProbe working modes. |
Convert packets into flows | nProbe if you have <= 10 Gbit traffic or nProbe Cento at 10+ Gbit. Check the nProbe working modes. |
Both collect and visualize flows on a web GUI | Use ntopng for visualisation and nProbe for flow collection. Check how to configure nProbe with ntopng. |
Analyse network packets and create a web report | Use ntopng if you have a few Gbits of traffic. With more traffic use nProbe or nProbe Cento to convert packets into flows and use ntopng to collect them. |
Dump traffic to disk | n2disk. Choose the version based on the network speed you are monitoring (1, 5, and 10+ Gbit). It is possible to integrate it with ntopng. |
Mitigate network traffic attacks by discarding bad traffic | nScrub. Choose the version based on the network speed and the number of hosts to protect. |
Process traffic (<= 1 Gbit) | PF_RING community. |
Process traffic (> 1 Gbit) | PF_RING ZC. Note that ntopng, nProbe and the other products need a PF_RING ZC license when operating at network speeds of 1 Gbit+. |
Enjoy!