Mailing List Archive

I have the following network setup in a large community house with 24
users, each of whom have 2-7 devices who all use it exvlusively to connect
to the Internet:





As you can see I am slowly replacing cheap unreliable hardware with more
reliable Cisco equipment.



I’d like to better understand the traffic flows to improve performance and
it looks like nProbe and ntopng could help with this.



I have read few articles posted over a number of years about running nProbe
and ntopng on low cost hardware. Has anyone got any advice about:

1. whether nProbe/ntopng is the right solution for our house (on a
budget) – am I barking up the right tree?

2. The architecture – should I connect a nProbe / ntopng node to the
router and port mirror the port running to the switch? I would like to
avoid adding a point of failure which would be introduced using the similar
solution of putting the nProbe between the switch and the router or router
and internet proposed here
<http://www.ntop.org/nprobe/how-to-build-a-100e-augmented-netflowipfix-probe-ubiquity/>
.

3. up-to-date advice about suitable low cost hardware which can run
both nProbe and ntopng and handle the volume of traffic.



Thanks very much,



Dan

Dan,

> On 11 Sep 2017, at 16:37, Dan Staley <daniel.staley@gmail.com> wrote:
>
>
> I have the following network setup in a large community house with 24 users, each of whom have 2-7 devices who all use it exvlusively to connect to the Internet:
>
>
>
> <image002.png>
>
>
>
> As you can see I am slowly replacing cheap unreliable hardware with more reliable Cisco equipment.
>
>
>
> I’d like to better understand the traffic flows to improve performance and it looks like nProbe and ntopng could help with this.
>
>
>
> I have read few articles posted over a number of years about running nProbe and ntopng on low cost hardware. Has anyone got any advice about:
>
> 1. whether nProbe/ntopng is the right solution for our house (on a budget) – am I barking up the right tree?
>

It is the right solution. You may not even need nProbe.

> 2. The architecture – should I connect a nProbe / ntopng node to the router and port mirror the port running to the switch?
>

This is the ideal setup to capture all the traffic from/to the Internet. You won't see the traffic between clients but you will get all the traffic that enters/exit the home network.

> I would like to avoid adding a point of failure which would be introduced using the similar solution of putting the nProbe between the switch and the router or router and internet proposed here <http://www.ntop.org/nprobe/how-to-build-a-100e-augmented-netflowipfix-probe-ubiquity/>.
>

No need for a bridged setup. A passive mirror is OK in your environment.

> 3. up-to-date advice about suitable low cost hardware which can run both nProbe and ntopng and handle the volume of traffic.
>

Please, give indication on the volume of traffic. Anyway, any box with a 2.4GHz+ processor and 4GB+ RAM should suffice in an environment like yours.

>
>
> Thanks very much,
>
>
>
> Dan
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

Thanks Simon,

I thought that nProbe was a necessity without a router / switch that
supports netflows. Can I just install ntopng?

Daily WAN usage is around 20gb per day with spikes of upto 100gb per day. I
have ran WAN speed tests on an iPhone delivering 120mb/s download speed but
it is usually 60mb/s. Upload speed is an order of magnitude slower.

I currently don't have any hardware for this. I was hoping I could use a
raspberry Pi or similar but from the sounds of it you think it requires
more CPU speed / RAM. Could you recommend a low cost / low power device or
am I best off trawling eBay for an old server?

Thanks again,

Dan


On 12 Sep 2017 8:56 a.m., "Simone Mainardi" <mainardi@ntop.org> wrote:

Dan,

On 11 Sep 2017, at 16:37, Dan Staley <daniel.staley@gmail.com> wrote:


I have the following network setup in a large community house with 24
users, each of whom have 2-7 devices who all use it exvlusively to connect
to the Internet:



<image002.png>



As you can see I am slowly replacing cheap unreliable hardware with more
reliable Cisco equipment.



I’d like to better understand the traffic flows to improve performance and
it looks like nProbe and ntopng could help with this.



I have read few articles posted over a number of years about running nProbe
and ntopng on low cost hardware. Has anyone got any advice about:

1. whether nProbe/ntopng is the right solution for our house (on a
budget) – am I barking up the right tree?


It is the right solution. You may not even need nProbe.

2. The architecture – should I connect a nProbe / ntopng node to the
router and port mirror the port running to the switch?


This is the ideal setup to capture all the traffic from/to the Internet.
You won't see the traffic between clients but you will get all the traffic
that enters/exit the home network.

I would like to avoid adding a point of failure which would be introduced
using the similar solution of putting the nProbe between the switch and the
router or router and internet proposed here
<http://www.ntop.org/nprobe/how-to-build-a-100e-augmented-netflowipfix-probe-ubiquity/>
.


No need for a bridged setup. A passive mirror is OK in your environment.

3. up-to-date advice about suitable low cost hardware which can run
both nProbe and ntopng and handle the volume of traffic.


Please, give indication on the volume of traffic. Anyway, any box with a
2.4GHz+ processor and 4GB+ RAM should suffice in an environment like yours.



Thanks very much,



Dan

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop



_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop

Dan,

> On 12 Sep 2017, at 15:46, Dan Staley <daniel.staley@gmail.com> wrote:
>
> Thanks Simon,
>
> I thought that nProbe was a necessity without a router / switch that supports netflows. Can I just install ntopng?

yes

>
>
> Daily WAN usage is around 20gb per day with spikes of upto 100gb per day. I have ran WAN speed tests on an iPhone delivering 120mb/s download speed but it is usually 60mb/s. Upload speed is an order of magnitude slower.

ok, this is definitely doable also with ntopng alone

>
> I currently don't have any hardware for this. I was hoping I could use a raspberry Pi or similar but from the sounds of it you think it requires more CPU speed / RAM.

100Mbps on a pi is too much.

> Could you recommend a low cost / low power device

see this fan-less mini-pc: https://www.zotac.com/product/mini_pcs/zbox_c_series <https://www.zotac.com/product/mini_pcs/zbox_c_series>
> or am I best off trawling eBay for an old server?
>
> Thanks again,
>
> Dan
>
>
> On 12 Sep 2017 8:56 a.m., "Simone Mainardi" <mainardi@ntop.org <mailto:mainardi@ntop.org>> wrote:
> Dan,
>
>> On 11 Sep 2017, at 16:37, Dan Staley <daniel.staley@gmail.com <mailto:daniel.staley@gmail.com>> wrote:
>>
>>
>> I have the following network setup in a large community house with 24 users, each of whom have 2-7 devices who all use it exvlusively to connect to the Internet:
>>
>>
>>
>> <image002.png>
>>
>>
>>
>> As you can see I am slowly replacing cheap unreliable hardware with more reliable Cisco equipment.
>>
>>
>>
>> I’d like to better understand the traffic flows to improve performance and it looks like nProbe and ntopng could help with this.
>>
>>
>>
>> I have read few articles posted over a number of years about running nProbe and ntopng on low cost hardware. Has anyone got any advice about:
>>
>> 1. whether nProbe/ntopng is the right solution for our house (on a budget) – am I barking up the right tree?
>>
>
> It is the right solution. You may not even need nProbe.
>
>> 2. The architecture – should I connect a nProbe / ntopng node to the router and port mirror the port running to the switch?
>>
>
> This is the ideal setup to capture all the traffic from/to the Internet. You won't see the traffic between clients but you will get all the traffic that enters/exit the home network.
>
>> I would like to avoid adding a point of failure which would be introduced using the similar solution of putting the nProbe between the switch and the router or router and internet proposed here <http://www.ntop.org/nprobe/how-to-build-a-100e-augmented-netflowipfix-probe-ubiquity/>.
>>
>
> No need for a bridged setup. A passive mirror is OK in your environment.
>
>> 3. up-to-date advice about suitable low cost hardware which can run both nProbe and ntopng and handle the volume of traffic.
>>
>
> Please, give indication on the volume of traffic. Anyway, any box with a 2.4GHz+ processor and 4GB+ RAM should suffice in an environment like yours.
>
>>
>>
>> Thanks very much,
>>
>>
>>
>> Dan
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop