The client was a network administrator interested in implementing a NetFlow analysis server over their local network for the sake of threat intelligence, or security. By utilizing the internet-traffic session data produced by this server, the client would be able to view information regarding application names, session duration, bandwidth utilization, and more. This information can allow for knowledge about possible network bottlenecks or potential attacks.

To fulfill this request, a new virtual machine was added to the network’s virtualized environment. An application known as ntopng (ntop: next generation), was installed and configured to view incoming and outgoing traffic, convert the packets to flows, analyze the flow data, and display the information on a web-based graphical user interface. Ntopng was configured view the server’s second network interface card, and all local VLAN traffic was port forwarded to that card. After extensive research, network troubleshooting, and server configurations, the server began operating successfully as intended.

Project Student: Nathan Miller

Author