Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NTOPNG - Is it safe to use on the WAN IF?

    Scheduled Pinned Locked Moved
    Traffic Monitoring
    2
    2
    2.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ConfusedUser
      last edited by

      Hi everyone,

      I was recently testing NTOPNG and I found it pretty useful.

      Would this be safe to use on the WAN interface? I mean how is it capturig all the information?
      Is it connecting to a kind of API on pf so any bugs in NTOPNG would't be a security issue? Or is it directly listening on the interface so that there is a chance of buffer overflows and other bugs that would allow breakig into pfSense or runnig a DoS attack (if someone sends a special malformed package that NTOPNG captures)? Or does it work in a completely different way?

      1 Reply Last reply Reply Quote 0
      • G
        GeoffW
        last edited by

        I hope so!  (Not a very useful response but this is what I have just started using it for - since it is specifically WAN traffic I am trying to identify.)

        It does include some alert items that suggest it is intended for the WAN interface (eg: Suspicious Activity: "Probing or Server Down" messages).

        As for how it is capturing this information, you are probably best advised to look at the ntop website http://www.ntop.org/products/traffic-analysis/ntop/  they speak about being based on libpcap and collecting flows through nprobe.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post