When will ntopng package be updated???
-
Are packages never kept up to date ever? When will ntopng be updated to newer version?
The ntopng version in package manager is 1.5 years old, since feb 2023
and here is list of version with date released
-
@denitrosubmena said in When will ntopng package be updated???:
Are packages never kept up to date ever? When will ntopng be updated to newer version?
The ntopng version in package manager is 1.5 years old, since feb 2023
Ntopng 5.6 was the stable version during the last update of the pfSense package. While the version of the package was tested against ntopng 6.0, I did not view the 6.0 release as stable enough to push hard for the dependency upgrade. In general, dot-zero releases are rarely a good idea on a firewall. Ntopng 6.2, which I have hopes for, is less than a month old. Time will tell of its stability.
If you need the latest and greatest ntopng on your firewall, I recommend that you install it using the instructions provided by the ntopng team. If you do that, perhaps you could conduct some extensive of 6.2 and then report back?
-
Which version of pfSense are you running?
My 24.03 Plus offers newer version for install... -
the version 5.6 only supports single interface at a time and am told the newer version supports multiple interfaces at same time
is this true?
in the pfsense settings page, we can only chose one interface to monitor at a time, and that is what issue is currently, and i want to stick to packages managed by the native package manager so i dont run into issues
-
am running this version
2.7.2-RELEASE (amd64) built on Wed Dec 6 14:10:00 CST 2023 FreeBSD 14.0-CURRENT
which is current latest pfsense
downloaded from here https://sgpfiles.netgate.com/mirror/downloads/
or am i missing something?
-
@denitrosubmena said in When will ntopng package be updated???:
the version 5.6 only supports single interface at a time and am told the newer version supports multiple interfaces at same time
is this true?
No, that is not true. To my knowledge, Ntopng has always supported multiple interfaces. Who told you it didn't?
-
@mvikman said in When will ntopng package be updated???:
My 24.03 Plus offers newer version for install...
Yes, you are correct. The underlying ntopng dependency is version 6.0. This was changed after the version of the pfSense package was set. My bad.
-
@denitrosubmena said in When will ntopng package be updated???:
in the pfsense settings page, we can only chose one interface to monitor at a time
The screen pic you posted is not for the current version of the ntopng package.
Two additional things:
- Yes, you can select multiple monitored interfaces in the list, even in the old version that you are running.
- You only have one local segment (LAN), so you really don't need multiple interface monitoring. Enable ntopng monitoring on the WAN interface is not recommended.
-
I want to monitor the WAN and the LAN
WAN is internet so why in the hell is that not recommended??? that should even be the number interface to monitor as that is in and out traffic from the firewall
-
@denitrosubmena said in When will ntopng package be updated???:
I want to monitor the WAN and the LAN
WAN is internet so why in the hell is that not recommended??? that should even be the number interface to monitor as that is in and out traffic from the firewall
Ehh no. WAN will have a million attempts of access every day, so you will never find a possible valid attack in the mountain of false positives.
On LAN you will get a baseline of your clients and devices behaviour, and stand a MUCH better chance of spotting if anything is breached or doing something nefarious. An intruder will after all need to talk to devices on LAN to actually acomplish anything. -
the whole post is about multiple interfaces
WAN and LAN, not just WAN -
@denitrosubmena said in When will ntopng package be updated???:
I want to monitor the WAN and the LAN
WAN is internet so why in the hell is that not recommended??? that should even be the number interface to monitor as that is in and out traffic from the firewall
When you add WAN to the interface list, you are telling ntopng that your WAN interface is one of your local networks. This is a Bad Idea, and a common mistake people make when starting out with ntopng.
Ntopng is not a threat monitor. It's a traffic monitor with alerts. I recommend that you work with ntopng in the default configuration, with just the LAN interface, for an extended period (weeks) to gain familiarity with it. Then consider your options.
Also, when you come across a thing called "active discovery" in the ntopng GUI, do not be tempted to enable it. It's also a Bad Idea, particularly for a firewall. If you think I'm kidding, start looking through the ntopng source code to see all the stuff it does.
-
can you please show me where the active discovery setting is?
And also mind explaining why it is bad idea to monitor the WAN?
happy to learn and yes am new to using ntopng
-
@denitrosubmena said in When will ntopng package be updated???:
can you please show me where the active discovery setting is?
And also mind explaining why it is bad idea to monitor the WAN?
happy to learn and yes am new to using ntopng
The active discovery setting is inside the ntopng UI (not the pfSense package UI).
There are several reasons that you don't want to include WAN in the list of monitored interfaces. The most important ones are incorrectly considering traffic for other hosts on the WAN to be destined to local hosts, and double counting of a lot of traffic. And if you combine this with enabling active discovery, most ISPs would say that you are attacking other hosts in their network.
-
ok still dont see why not WAN, what will be harmful in having more data?
I already monitor WAN and i like what i see and what i see is helpful to me. Maybe your firewall is used for something different but for me i like to know where and from where the traffic originates and that is from the WAN
So yes i want to monitor WAN plus other interfaces, so i can see all traffic data and decide for myself
-
@dennypage said in When will ntopng package be updated???:
@denitrosubmena said in When will ntopng package be updated???:
the version 5.6 only supports single interface at a time and am told the newer version supports multiple interfaces at same time
is this true?
No, that is not true. To my knowledge, Ntopng has always supported multiple interfaces. Who told you it didn't?
so how do i enable to monitor both the WAN and LAN interfaces???
-
@denitrosubmena said in When will ntopng package be updated???:
ok still dont see why not WAN, what will be harmful in having more data?
[Edit: You haven't even updated to the current version of the package...]
I'm not sure I can guide you further. I've provided you with my best advice, and it doesn't seem that has been helpful to you. I'm sorry I wasn't able to be of more help.
-
you never provided a single help
all am here for is how can i monitor the WAN and LAN interfaces at same time, nothing you have said has helped with that
Instead you here trying to tell me not to monitor WAN, sure thanks i wont because you said so
-
@denitrosubmena
not using this package, did you tried CRTL+click? -
wow wow wow, i did not realize i had to press ctrl
that was it, ctrl worked and i was able to select both
now this is the solution to my question
thanks a million times!