Ntopng correlate flows with DNS lookups

5/18/2023

Give me some inspiration and examples for visualizing the network and analyzing flows that I can play around with. But I am not sure what I should look for. Monitoring and analyzing is a big part of it as well. The UDP protocol is used mainly for DNS queries, network management, routing. I think I realized typing firewall and routing commands is just a small part of our jobs. by legitimate network traffic as seen in flash crowds and alpha flows.

TL;DR: I'm new and trying to absorb how to be a good network administrator. We're mostly using MikroTik (NetFlow 5, 9 and IPFIX) and VyOS (I only got NetFlow 5 to work, and only on the inbound interface, no IPv6). And I haven't even started looking into visualizing in Kibana yet. But right now the data is just useless without any visualisation.

Are there any resources that share Kibana dashboards, or sites for inspiration? I've managed to send NetFlow v5 and 9 to it. I've recently discovered the Elastic stack, and I am trying to look into all of its possibilities. I also saw a Kentik NetFlow-as-a-service thing, which seemed powerful, but I have no idea about the pricing; I could find no info. Is it possible to send NetFlow data directly to it, or do you have to send it through nProbe, which costs money? It seemed to do reverse DNS lookups on source/destination IPs, which was pretty cool. Similar to nfsen, but doesn't look like it's made in the '90s. I saw ntopng the other day, just barely looking at it. A lot of the biggest products also seem to offer many things we don't need, such as SNMP, since we already do that in LibreNMS. I know there are a lot of tools such as SolarWinds, PRTG, but we're happy with open source, or low licensing costs. But I've gotten really interested in the traffic flow part right now. This is all good, and gives us some alerting as well. Today we're already visualizing SNMP bandwidth graphs, and router locations throughout the country with LibreNMS.

Not sure how useful this is for network administrators, maybe more to impress sales and the boss. Using ntopng with nProbe is convenient in several scenarios, including: the visualization of NetFlow/sFlow data originated by routers, switches, and network devices in general. Some other cool features and visualizations I've seen are mappings of potential DDoS machines on a world map. watering hole through DNS spoofing and lateral movement through pivoting. Graphs showing end-user traffic patterns, abnormalities. As we're also a smaller ISP, I guess NetFlow/IPFIX data with visualization showing AS traffic patterns, so we can see potential peering partners. our approach relying only on network flows of internal corporate traffic. But I imagine, since we're an "ITaaS" shop, some useful information would be NetFlow data visualized. NTop is a network traffic analyzer that offers the possibility to monitor. I am not completely sure on what I am looking for. as one DNS lookup flow (one packet) or you may have lost several gigabyte size. I'm pretty new to networking, two years in my field. ntopng Monitoring Engine: coded in C++ and based on the concept of flow (set of packets with the same 6-tuple). I work for a company which delivers "IT as a service" to mostly medium-sized businesses.