When will ntopng package be updated???
-
Which version of pfSense are you running?
My 24.03 Plus offers newer version for install... -
the version 5.6 only supports single interface at a time and am told the newer version supports multiple interfaces at same time
is this true?
in the pfsense settings page, we can only chose one interface to monitor at a time, and that is what issue is currently, and i want to stick to packages managed by the native package manager so i dont run into issues
-
am running this version
2.7.2-RELEASE (amd64) built on Wed Dec 6 14:10:00 CST 2023 FreeBSD 14.0-CURRENTwhich is current latest pfsense
downloaded from here https://sgpfiles.netgate.com/mirror/downloads/
or am i missing something?
-
@denitrosubmena said in When will ntopng package be updated???:
the version 5.6 only supports single interface at a time and am told the newer version supports multiple interfaces at same time
is this true?
No, that is not true. To my knowledge, Ntopng has always supported multiple interfaces. Who told you it didn't?
-
@mvikman said in When will ntopng package be updated???:
My 24.03 Plus offers newer version for install...
Yes, you are correct. The underlying ntopng dependency is version 6.0. This was changed after the version of the pfSense package was set. My bad.
-
@denitrosubmena said in When will ntopng package be updated???:
in the pfsense settings page, we can only chose one interface to monitor at a time
The screen pic you posted is not for the current version of the ntopng package.
Two additional things:
- Yes, you can select multiple monitored interfaces in the list, even in the old version that you are running.
- You only have one local segment (LAN), so you really don't need multiple interface monitoring. Enable ntopng monitoring on the WAN interface is not recommended.
-
I want to monitor the WAN and the LAN
WAN is internet so why in the hell is that not recommended??? that should even be the number interface to monitor as that is in and out traffic from the firewall
-
@denitrosubmena said in When will ntopng package be updated???:
I want to monitor the WAN and the LAN
WAN is internet so why in the hell is that not recommended??? that should even be the number interface to monitor as that is in and out traffic from the firewall
Ehh no. WAN will have a million attempts of access every day, so you will never find a possible valid attack in the mountain of false positives.
On LAN you will get a baseline of your clients and devices behaviour, and stand a MUCH better chance of spotting if anything is breached or doing something nefarious. An intruder will after all need to talk to devices on LAN to actually acomplish anything. -
the whole post is about multiple interfaces
WAN and LAN, not just WAN -
@denitrosubmena said in When will ntopng package be updated???:
I want to monitor the WAN and the LAN
WAN is internet so why in the hell is that not recommended??? that should even be the number interface to monitor as that is in and out traffic from the firewall
When you add WAN to the interface list, you are telling ntopng that your WAN interface is one of your local networks. This is a Bad Idea, and a common mistake people make when starting out with ntopng.
Ntopng is not a threat monitor. It's a traffic monitor with alerts. I recommend that you work with ntopng in the default configuration, with just the LAN interface, for an extended period (weeks) to gain familiarity with it. Then consider your options.
Also, when you come across a thing called "active discovery" in the ntopng GUI, do not be tempted to enable it. It's also a Bad Idea, particularly for a firewall. If you think I'm kidding, start looking through the ntopng source code to see all the stuff it does.
-
can you please show me where the active discovery setting is?
And also mind explaining why it is bad idea to monitor the WAN?
happy to learn and yes am new to using ntopng
-
@denitrosubmena said in When will ntopng package be updated???:
can you please show me where the active discovery setting is?
And also mind explaining why it is bad idea to monitor the WAN?
happy to learn and yes am new to using ntopng
The active discovery setting is inside the ntopng UI (not the pfSense package UI).
There are several reasons that you don't want to include WAN in the list of monitored interfaces. The most important ones are incorrectly considering traffic for other hosts on the WAN to be destined to local hosts, and double counting of a lot of traffic. And if you combine this with enabling active discovery, most ISPs would say that you are attacking other hosts in their network.
-
ok still dont see why not WAN, what will be harmful in having more data?
I already monitor WAN and i like what i see and what i see is helpful to me. Maybe your firewall is used for something different but for me i like to know where and from where the traffic originates and that is from the WAN
So yes i want to monitor WAN plus other interfaces, so i can see all traffic data and decide for myself
-
@dennypage said in When will ntopng package be updated???:
@denitrosubmena said in When will ntopng package be updated???:
the version 5.6 only supports single interface at a time and am told the newer version supports multiple interfaces at same time
is this true?
No, that is not true. To my knowledge, Ntopng has always supported multiple interfaces. Who told you it didn't?
so how do i enable to monitor both the WAN and LAN interfaces???
-
@denitrosubmena said in When will ntopng package be updated???:
ok still dont see why not WAN, what will be harmful in having more data?
[Edit: You haven't even updated to the current version of the package...]
I'm not sure I can guide you further. I've provided you with my best advice, and it doesn't seem that has been helpful to you. I'm sorry I wasn't able to be of more help.
-
you never provided a single help
all am here for is how can i monitor the WAN and LAN interfaces at same time, nothing you have said has helped with that
Instead you here trying to tell me not to monitor WAN, sure thanks i wont because you said so
-
@denitrosubmena
not using this package, did you tried CRTL+click? -
wow wow wow, i did not realize i had to press ctrl
that was it, ctrl worked and i was able to select both
now this is the solution to my question
thanks a million times!
-
@denitrosubmena said in When will ntopng package be updated???:
you never provided a single help
all am here for is how can i monitor the WAN and LAN interfaces at same time, nothing you have said has helped with that
Apologies, it never occurred to me that you were unaware of how to select multiple entities in a UI (User Interface). The control/command selection method is common across almost all UIs. Google "how do i select multiple items in a list?" for more information on using UIs in a browser.
Instead you here trying to tell me not to monitor WAN, sure thanks i wont because you said so
Hubris will not aid you here. You indicated that you were new to ntopng, and wanted to learn. Two very experienced people, one of whom is the author of the ntopng package, have advised you not to include WAN in the list of local networks. It might make sense to listen, at least until you have extensive experience with pfSense and the ntopng package.
I don't know why I let things like this bother me so much.
-
@dennypage because you’re human. Because folks ungrateful and/or harsh replies are so illogical that it almost begs a reply. Then there’s the anonymous part where if you physically saw and interact with the person most likely this conversation wouldn’t have gone this way.
Either way the OPs response is borderline idiotic and uncalled for. Please don’t let it get to you. You did a great job in responding. This is just miscommunication.