Traffic Classification Using nDPI over DPDK
Last week we attended the DPDK Summit North America 2018 and talked about how to use nDPI over DPDK, a kernel-bypass toolkit similar to PF_RING. For those who have not attended the presentation,...
Use Remote Assistance to Connect to ntopng Instances
A problem some ntop users have to face is the ability to remotely access an ntopng instance running behind a firewall. This can be solved using a VPN or other means that often require to deploy an...
Remote ntopng Authentication with RADIUS and LDAP
In large organizations, it is common to have a centralised authentication system usually named AAA (Authentication, Authorization and Accounting). Managing users typically involves the definition and...
Advanced SNMP Monitoring with ntopng
It has been a while since we added SNMP support to ntopng. The first release, presented in this blog post, implemented basic SNMP support. Since then we have coded various improvements and new...
ntopng Disk Requirements for Timeseries and Flows
Being able to do a priori estimations of the space that ntopng is going to use in a production environment is fundamental for the provisioning of the storage. In this post we try to estimate the space...
Measuring ntopng+nProbe Flow Processing Performance
In this post we try to analyze the performance of nProbe and ntopng for the collection of NetFlow. ntopng and nProbe will be broken down into smaller functional units and such units will be analyzed to...
Introducing nDPI 2.6: several new dissectors, DPDK and Hyperscan support
This is to announce the release of nDPI 2.6. Several dissectors have been improved and a few new ones have been added, and we have also improved the detection logic (this in case we have to guess the...
Introducing PF_RING 7.4: PF_RING FT, Containers and Virtual Functions Support
This is to announce a new PF_RING major release 7.4. This release includes many improvements to the PF_RING FT library, which is now more mature thanks to new API functionalities and features that...
Introducing n2disk 3.2: towards 100 Gbit to disk
This is to announce a new n2disk release 3.2. This release, besides addressing a few issues, includes new juicy features: Multithreaded dump and support for multiple volumes. This is useful in a few...
Say hello to nIndex: Personal Big Data System for Network Flows
Being able to store network flows is a very challenging task using generic databases. Networks are becoming faster and faster and, nowadays, flow-based analysis tools should store tens, or even...
Drill Down Deeper: Using ntopng to Zoom In, Filter Out and Go Straight to the...
ntopng has grown significantly over the past years, providing an increasingly-interesting set of features to support network analysts and troubleshooters in their decisions. Among the most relevant...
Welcome to ntopng 3.8 with continuous drill down: packets, flows, activities
We are happy to announce ntopng stable 3.8. This is the core of the next 4.0 release as it integrates new features that will be consolidated in the next release scheduled for spring. The main features...
Honouring System Default Policies on ntop Packages
Many distributions provide mechanisms to let the system administrator decide if newly installed packages should be enabled and/or started automatically. Previously, the ntop services were always...
Introducing Ubuntu 18 Support for ntopng Edge (nEdge)
Six months after the first nEdge announcement, in response to our customers' feedback, nEdge now provides brand new features, like the ability to apply policies based on the device type, the RADIUS...
ntop at FOSDEM 2019: eBPF and High-Resolution Metrics
Hi all, this is to invite all of our community to meet the ntop team at FOSDEM 2019, later this weekend. We have two talks scheduled and we’ll be talking about system visibility and high-resolution...
Network Traffic Analysis in ntopng (a.k.a. ntopng 2019 Roadmap)
Aut viam inveniam aut faciam, Hannibal 247-182 B.C. For years ntopng has been a solution for collecting, analysing and visualising network traffic, but with a major limitation. It is too rich in data...
How to Detect Malware Hosts and Scanners Using ntopng
Hosts directly connected to the Internet are often contacted by scanners and malware hosts. For a few releases now, ntopng has integrated a blacklist that is refreshed daily. Whenever a host part of this list...
Identifying Suspicious Flows: Network Issues or Misbehaving Hosts?
Starting from the latest 3.9 version, ntopng features a handy dropdown menu that allows you to filter flows on the basis of their current TCP state. Being able to filter flows on the basis of their...
Introducing libebpfflow: packet-less network traffic and container visibility...
As previewed during our FOSDEM 2019 talk, this is to introduce libebpfflow, a new library for enabling network traffic and container visibility based on eBPF. Designed to be CPU and memory friendly (its...
How to Track and Fight Malware, Ransomware, Botnets… Network Traffic using ntopng
Malware blacklists are not something new to ntopng. ntopng (including ntopng Edge) has integrated the emerging threats blacklist https://rules.emergingthreats.net for a long time. The 3.6 stable...