ntopng is the next generation version of the original ntop, a network traffic probe that monitors network usage. ntopng is based on libpcap  and it has been written in a portable way in order to virtually run on every Unix platform. MacOSX and on Windows as well.

ntopng provides an intuitive, encrypted web user interface for the exploration of realtime and historial traffic information.

Main Features

  • Sort network traffic according to many criteria including IP, address, port, L7 protocol throughput. Autonomous Systems (ASs)
  • Show realtime network traffic and active hosts
  • Produce long-term reports for several network metrics including throughput and application protocols
  • Top talkers (senders/receivers), top ASs, top L7 applications
  • Monitor and report live throughput, network and application latencies, Round Trip Time (RTT), TCP statistics (retransmissions, out of order packets, packet lost), and bytes and packets transmitted
  • Store on disk persistent traffic statistics to allow future explorations and post-mortem analyses
  • Geolocate and overlay hosts in a geographical map

sguil is built by network security analysts for network security analysts. Sguil’s main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practce of Network Security Monitoring and event driven analysis. The Sguil client is writtent in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, ‘BSD, Solaris, MacOS and Win32)


Netdisco is a network management tool, designed for large corporate and university networks, that map MAC addresses to IP addresses allowing network administrators to locate the exact switch port of any node connected to the network.

Netdisco utilizes SNMP to fetch ARP tables from routers and MAC tables from layer 2 switches. There is no need for privileged command line access to the devices. Collected data is stored to a PostgreSQL database.

Elasticseach is a distributed, RESTful search and analytics engine capable of solving a growing number of use cases. As the heart of the Elastic Stack, it centrally stores your data so you can discover the expected and uncover the unexpected.

Elasticsearch lets you perform and combine many types of searches – structured, unstructured, geo, metric – any way you want. Start simple with one question and see where it takes you.

It uses standard RESTful APIs and JSON. They also build and maintain clients in many languages such as Java, Python, .NET and Groovy.

Nagios Core is the industry standard in IT monitoring software. The highly awarded Nagios Core engine has been the defacto standard in network infrastructure monitoring for over a decade, providing unparalleled performance and flexibility.


Nagios Business Process Intelligence is an advanced grouping tool that allows you to set more complex dependencies to determine groups states. NagiosBPI provides an interface to effectively view he ‘real’ state of the network. Rules for group states can be determined by the user, and parent-child relationships are easily identified when you need to drill down on a problem. This tool can also be used in conjunction with a check plugin to allow for notifications through Nagios.

GLPI is the information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers, etc). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.

The principal functionalities of the application are :

  1. The precise inventory of all the technical resources. All their characteristics will be stored in a database.
  2. Management and the history of the maintenance and the bound procedures. This application is dynamic and is directly connected to the users who can post requests to the technicians. An interface thus authorizes the latter with if required preventing the service of maintenance and indexing a problem encountered with one of the technical resources to which they have access.

Cacti is a complete network graphing solution designed to harness the power of RRDTool data storage and graphing functionality. Cacti provides a fast poller advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with thousands of devices.

Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it and then sends it to your favorite ”Stash”.

Data is often scattered or siloed across many formats. Logstash supports a variety of inputs that pull in events from a multitude of common sources, all at the same time. Easily ingest from your logs, metrics, web applications, data stores, and various AWS services, all in continuous,  streaming fashion.

As data travels from source to store, Logstash filters parse each event identify named fields to build structure and transform them to converge on a common format for easier, accelerated analysis and business value. Logstash dynamically transforms and prepare your data regardless of format or complexity.

Grafana allows you to query, visualize, alert on and understand your metrics no matter where they are stored, Create, explore, and share dashboards with your team and foster a data driven culture.

From heatmaps to histograms, graphs to geomaps, Grafana has a plethora of visualization options to help you understand your data, beautifully. Seamlessly define alerts where it makes sense — while you’re in the data. Define thresholds visually, and get notified via Slack, PagerDuty, and more. Bring your data together to get better context. Grafana supports dozens of databases, natively. Mix them together in the same Dashboard. Grafana gives you options.

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.


Barnyard2 is an open source interpreter for Snort unified2 binary output files. Its primary use is allowing Snort to write to disk in an efficient manner and leaving the task of parsing data into various formats to a separate process that will not cause Snort to miss network traffic.

Barnyard2 has 3 modes of operation:

  1. batch (or one-shot);
  2. continual, and
  3. continual w/ bookmark

In batch (or one-shot) mode, Barnyard2 will process the explicitly specified file(s) and exit.
In a continual mode, Barnyard2 still start with a location to look and a specified file pattern and continue to process new data (and new spool files) as they appear.

Kibana lets you visualize your Elasticsearch data and navigate the Elastic Stack, so you can do anything from learning why you’re getting paged at 2:00 a.m. to understanding the impact rain might have on your quarterly numbers.

Kibana gives you the freedom to select the way you give shape to your data. And you don’t always have to know what you’re looking for. With its interactive visualizations, start with one question and see where it leads you.

Kibana core ships with the classics: histograms, line graphs, pie charts, sunbursts, and ore. They leverage the full aggregation capabilities of Elasticsearch.

Take the relevance capabilities of a search engine, combine them with graph exploration and uncover the uncommonly common relationships in your Elasticsearch data. Detect the anomalies hiding in your Elasticsearch Data and explore the properties that significantly influence them with unsupervised machine learning features in X-Pack.