The net/ntopng port

ntopng-5.0 – network traffic probe with web ui and deep packet inspection (cvsweb github mirror)


ntopng is a network traffic probe that shows network usage in a high level
of detail. It provides a web-based UI allowing you to visualize traffic flows
broken down by host, country, port, application (via deep packet inspection),
AS number, etc. Flow information can also be dumped to ElasticSearch or

User guide:


$OpenBSD: README,v 1.2 2018/09/04 12:46:18 espie Exp $

| Running ${PKGSTEM} on OpenBSD

Running ntopng
Configure the interfaces to listen on in ntopng_flags:

  rcctl enable ntopng
  rcctl set ntopng flags -i em0

or to listen on two interfaces and allow them to be viewed either
individually or combined:

  rcctl set ntopng flags -i em0 -i em1 -i view:em0,em1

By default ntopng's embedded web server listens to port 3000 from all
interfaces. This can be restricted to localhost only by adding "-w :3000"
to the flags.

To use HTTPS on the built-in web server, create /etc/ssl/ntopng-cert.pem
containing both the private key and certificate in the same file and make
this readable by the _ntopng user. Use the -W flag to listen on HTTPS.

ntopng uses redis as backend storage and will not start unless redis
is running first. This can be done as follows:

  rcctl enable redis
  rcctl order redis ntopng

Then you can start the daemons and connect to the web interface.

  rcctl start redis ntopng

Monitor disk space usage in ${LOCALSTATEDIR}/db/ntopng.


Stuart Henderson

Only for arches

aarch64 alpha amd64 arm hppa i386 mips64 mips64el powerpc powerpc64 riscv64 sparc64


lang/lua net

Library dependencies

Build dependencies

Run dependencies