Maybe you thought the same as I thought when I searched online for good ntopng tutorials : “damn, I’ll have to make my own”. Well, as I will have to install the whole setup myself again, I prefer write it here and share it with you.
Presentation
Just to clarify things before we put our hands in the dirt, ntopng is a netflow analyzer with a nice web-interface, that can get the traffic of its own interface. HOWEVER. It cannot work as a netflow collector too. That means that if you have a couple network devices on a network, and you want to know what kind of flows are going through your network, you will have to install a separate tool, which is also developped by the ntopng guys : nProbe. Sadly, this one is not free, and you will need a license to get it working in production environnement as the default-installation provides a 20K flows limit per nprobe thread, then it stops collecting them.
So to make it short, you will have to :
- install ntopng and nprobe
- configure your network devices to send net/sflow packets to ntopng server
- configure nProbe to collect net/sflow packets and to stream them in JSON to ntopng
- configure ntopng to listen for nProbe JSON streams
Easy IPv6 deployments & others 