jsrojas edited this page Jan 18, 2018 · 3 revisions

Welcome to the NtopngDataEditor wiki!

UNB - CIC Network traffic Flow Generator (formerly ISCXFlowMeter)

CICFlowMeter is a network traffic flow generator which has been written in Java and offers more flexibility in terms of choosing the features you want to calculate, adding new ones, and also having a better control of the duration of the flow timeout.

CICFlowMeter generates bidirectional flows, where the first packet determines the forward (source to destination) and backward (destination to source) directions; hence the 83 statistical features, such as duration, number of packets, number of bytes, length of packets, etc., are also calculated separately for the forward and backward directions.

The output of the application is a CSV file with six label columns for each flow, namely FlowID, SourceIP, DestinationIP, SourcePort, DestinationPort, and Protocol, followed by more than 80 network traffic features.

Note that TCP flows are usually terminated upon connection teardown (by a FIN packet), while UDP flows are terminated by a flow timeout. The flow timeout value can be set arbitrarily by the individual scheme, e.g., 600 seconds for both TCP and UDP.
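The flow-assembly rules above (first packet fixes the forward direction, per-direction counters, TCP closed on teardown, UDP closed on timeout, six label columns in the output row), as an added example that is not CICFlowMeter's own code. It assumes already-decoded packets with the fields shown, simplifies teardown to "a FIN seen from both sides", and computes only packet and byte counts per direction rather than the full feature set:

```python
from collections import namedtuple
from dataclasses import dataclass
FLOW_TIMEOUT = 600.0  # seconds, the timeout value quoted on this page
# Constructed decoded packet; a real tool would fill these fields from a pcap.
Packet = namedtuple("Packet", "ts src dst sport dport proto length fin", defaults=(False,))

@dataclass
class Flow:
    first: Packet  # the first packet fixes the forward (src -> dst) direction
    fwd_pkts: int = 0; bwd_pkts: int = 0; fwd_bytes: int = 0; bwd_bytes: int = 0
    fwd_fin: bool = False; bwd_fin: bool = False; last: float = 0.0
    def add(self, p: Packet) -> None:  # count each packet in its own direction
        if (p.src, p.sport) == (self.first.src, self.first.sport):
            self.fwd_pkts += 1; self.fwd_bytes += p.length; self.fwd_fin |= p.fin
        else:
            self.bwd_pkts += 1; self.bwd_bytes += p.length; self.bwd_fin |= p.fin
        self.last = p.ts

    def row(self) -> tuple:  # the six label columns, then per-direction counters
        f = self.first
        return (f"{f.src}-{f.dst}-{f.sport}-{f.dport}-{f.proto}", f.src, f.dst, f.sport,
                f.dport, f.proto, self.fwd_pkts, self.bwd_pkts, self.fwd_bytes, self.bwd_bytes)

def flow_key(p: Packet) -> tuple:  # direction-independent 5-tuple shared by both directions
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)

def build_flows(packets: list) -> list:
    active, done = {}, []
    for p in sorted(packets, key=lambda x: x.ts):
        k = flow_key(p)
        if k in active and p.ts - active[k].last > FLOW_TIMEOUT:
            done.append(active.pop(k))  # idle past the timeout: this packet opens a new flow
        flow = active.setdefault(k, Flow(first=p))
        flow.add(p)
        if p.proto == "TCP" and flow.fwd_fin and flow.bwd_fin:  # teardown: FIN from both sides
            done.append(active.pop(k))
    done.extend(active.values())  # flows still open when the capture ends
    return done

# Constructed sample: TCP closed by FINs from both sides; UDP idles past FLOW_TIMEOUT.
SAMPLE = [Packet(0.0, "10.0.0.5", "10.0.0.9", 40000, 80, "TCP", 60),
          Packet(0.1, "10.0.0.9", "10.0.0.5", 80, 40000, "TCP", 1500),
          Packet(0.2, "10.0.0.5", "10.0.0.9", 40000, 80, "TCP", 52, True),
          Packet(0.3, "10.0.0.9", "10.0.0.5", 80, 40000, "TCP", 52, True),
          Packet(1.0, "10.0.0.5", "10.0.0.53", 5353, 53, "UDP", 70),
          Packet(700.0, "10.0.0.5", "10.0.0.53", 5353, 53, "UDP", 70)]

def sample_rows() -> list:
    return [f.row() for f in build_flows(SAMPLE)]
```

Running `sample_rows()` on the constructed capture yields three rows: one TCP flow with two packets in each direction, and the UDP traffic split into two single-packet flows because the second datagram arrives after the 600-second timeout.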

For more information please visit this website: http://www.unb.ca/cic/datasets/flowmeter.html

NTOPNG

ntopng is the next-generation version of the original ntop, a network traffic probe that monitors network usage. ntopng is based on libpcap and has been written in a portable way so that it runs on virtually every Unix platform, on MacOSX and on Windows as well.

ntopng – yes, it’s all lowercase – provides an intuitive, encrypted web user interface for the exploration of real-time and historical traffic information.

Main Features

  • Sort network traffic according to many criteria including IP address, port, L7 protocol, throughput, Autonomous Systems (ASs).
  • Show realtime network traffic and active hosts.
  • Produce long-term reports for several network metrics including throughput and application protocols.
  • Top talkers (senders/receivers), top ASs, top L7 applications.
  • Monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out-of-order packets, packet loss), and bytes and packets transmitted.
  • Store on disk persistent traffic statistics to allow future explorations and post-mortem analyses.
  • Geolocate and overlay hosts in a geographical map.
  • Discover application protocols (Facebook, YouTube, BitTorrent, etc.) by leveraging nDPI, ntop's Deep Packet Inspection (DPI) technology.
  • Characterise HTTP traffic by leveraging characterisation services provided by Google and HTTP Blacklist.
  • Analyse IP traffic and sort it according to the source/destination.
  • Report IP protocol usage sorted by protocol type.
  • Produce HTML5/AJAX network traffic statistics.
  • Full support for IPv4 and IPv6.
  • Full Layer-2 support (including ARP statistics).
  • GTP/GRE detunnelling.
  • Support for MySQL, ElasticSearch and LogStash export of monitored data.
  • Interactive historical exploration of monitored data exported to MySQL.
  • Alerts engine to capture anomalous and suspicious hosts.
  • SNMP v1/v2c support and continuous monitoring of SNMP devices.

For further information please visit the following links:

  • Website: https://www.ntop.org/products/traffic-analysis/ntop/
  • Github: https://github.com/ntop