Setting Up ntopng with Docker for Network Traffic Analysis

Introduction:
ntopng is a network traffic analysis tool that provides detailed real-time insights into your network’s traffic. By using Docker, you can easily deploy ntopng with its required configurations. In this guide, we’ll show you how to set up ntopng using Docker with the necessary parameters for network monitoring.

Step 1: Install Docker
Before proceeding, ensure you have Docker installed on your system. If you haven’t installed Docker yet, follow the official Docker installation instructions for your operating system.

Step 2: Run ntopng Docker Container
Run the following command to create and start the ntopng Docker container:

docker run -it \
--name ntopng \
-p 3000:3000/tcp \
-p 2055:2055/udp \
-e ACCOUNTID="xxxxx" \
-e LICENSEKEY="xxxxxxxxx" \
-e LOCALNET="192.168.0.0/24" \
-v ntopng_data:/var/lib/ntopng \
--restart unless-stopped \
--net=host \
phantomski/ntopng

Explanation of options used:

  • -it: Allocate a pseudo-TTY and keep STDIN open, allowing you to interact with the ntopng console if needed.
  • --name ntopng: Assign the name “ntopng” to the container for easy management.
  • -p 3000:3000/tcp: Map port 3000 from the container to the host system. This allows you to access the ntopng web interface at http://localhost:3000.
  • -p 2055:2055/udp: Map port 2055 from the container to the host system. ntopng uses this port to receive NetFlow/sFlow data from devices on the network.
  • -e ACCOUNTID="xxxxx": Set the ntopng Account ID. Replace “xxxxx” with your ntopng account ID obtained from the ntopng website.
  • -e LICENSEKEY="xxxxxxxxx": Set the ntopng License Key. Replace “xxxxxxxxx” with your ntopng license key obtained from the ntopng website.
  • -e LOCALNET="192.168.0.0/24": Specify the local network to be monitored. Replace “192.168.0.0/24” with your network’s subnet.
  • -v ntopng_data:/var/lib/ntopng: Create a Docker volume named “ntopng_data” and mount it to the /var/lib/ntopng directory inside the container. This volume allows you to persist ntopng data and configurations.
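  • --restart unless-stopped: Restart the container automatically whenever it exits or the Docker daemon restarts, unless you stopped it explicitly.
  • --net=host: Use the host’s network stack to simplify network configuration and improve performance. In host network mode Docker discards the -p mappings above, and ntopng listens directly on the host’s ports 3000 and 2055, so control who can reach those ports with the host firewall.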

Step 3: Access ntopng Web Interface
Once the ntopng container is running, you can access the ntopng web interface by opening a web browser and navigating to http://localhost:3000. From here, you can explore the real-time network traffic data and analytics provided by ntopng.
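
The launch from Step 2 as a script, added here as an example (it is not part of the original guide or of the image's documentation). It emits a consistent set of flags for either host networking, where Docker discards -p, or bridge networking with the web interface published on loopback only, and it passes ACCOUNTID, LICENSEKEY and LOCALNET through --env-file so they stay out of shell history and the process list. The ntopng.env path and the function names are assumptions.

```sh
#!/usr/bin/env sh
# Added example: consistent `docker run` flags for the Step 2 command.
# ENV_FILE and the function names are assumptions of this example.
# ntopng.env holds ACCOUNTID=..., LICENSEKEY=..., LOCALNET=... one per line,
# without quotes (Docker passes env-file values through literally).
ENV_FILE="${ENV_FILE:-./ntopng.env}"

# Succeeds only if the env file exists and group/others have no access.
env_file_ok() {
  [ -f "$1" ] || return 1
  perms=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
  case "$perms" in *00) return 0 ;; *) return 1 ;; esac
}

# Prints the docker arguments, one per line, for mode "host" or "bridge".
# -d (detached) replaces the guide's -it so the script needs no terminal.
ntopng_args() {
  case "$1" in host|bridge) ;; *) echo "unknown mode: $1" >&2; return 2 ;; esac
  printf '%s\n' run -d --name ntopng --env-file "$2" \
    -v ntopng_data:/var/lib/ntopng --restart unless-stopped
  case "$1" in
    host)   # Docker discards -p in host mode, so none are emitted.
      printf '%s\n' --net=host ;;
    bridge) # Web UI on loopback only; flow collector stays on UDP 2055.
      printf '%s\n' -p 127.0.0.1:3000:3000/tcp -p 2055:2055/udp ;;
  esac
  printf '%s\n' phantomski/ntopng
}

# Starts the container; reached only via "start <mode>" on the command line.
start_ntopng() {
  env_file_ok "$ENV_FILE" || { echo "$ENV_FILE: missing or too permissive" >&2; return 1; }
  args=$(ntopng_args "$1" "$ENV_FILE") || return 1
  old_ifs=$IFS; IFS='
'
  set -f; set -- $args; set +f; IFS=$old_ifs   # split on newlines only
  docker "$@"
}

if [ "${1:-}" = "start" ]; then start_ntopng "${2:-host}"; fi
```

Bridge mode suits ntopng as a NetFlow/sFlow collector; to capture packets from the host's own interfaces the container needs host networking.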

Conclusion:
You’ve successfully set up ntopng with Docker, allowing you to monitor and analyze network traffic in real time. ntopng’s web interface provides comprehensive insights into your network, helping you identify and troubleshoot potential issues. With Docker, managing ntopng becomes easier, and you can quickly deploy it in your network environment.

Happy network monitoring!