Combining traffic recording with visibility at 100 Gbps
A few months ago, with ntopng 3.8, we introduced support for continuous traffic recording, which allows you to drill down through historical data from the timeseries level to the raw packets. This is useful when...
Packets vs eBPF/System Events: Positioning nProbe vs nProbe Agent
nProbe (and ntopng) is a traditional packet-based application, whose lifecycle is: capture a packet and dissect/decode it; update the in-memory representation of the network traffic (e.g. the flow table)...
Merging Infrastructure and Traffic Monitoring: Integrating ntopng with Icinga
Icinga2 is an open source monitoring system which checks the availability of hosts and services, notifies users of outages and generates performance data for reporting. Thanks to its scalability and...
Using RFC8520 (MUD) to Enforce Hosts Traffic Policies in ntopng
RFC8520 (Manufacturer Usage Description) specifies the intended network behaviour of a network device, from the manufacturer's standpoint. Being defined in JSON format by the device...
How Encryption Changed Network Traffic (Monitoring). Finally.
For years traffic monitoring tools assumed traffic was in clear text. This is because when the Internet was created all the main protocols, such as DNS, HTTP, SMTP, Telnet and POP, were in clear text. With this...
Introducing nDPI v3: Encrypted/Malware Traffic Analysis with Ease
Those who thought that DPI died with the advent of traffic encryption should play with nDPI v3, which we're introducing today. As already discussed, the pervasive use of encrypted traffic requires a new...
nProbe Cento 1.10 is Out
After the nDPI v3 release, today we have rolled out an incremental update of nProbe Cento. In addition to fixing a few issues, we introduce in Cento some of the fingerprints implemented by nDPI so that we...
Do You Know What Hackers Hide in SSL/TLS?
ntop believes that the future of traffic monitoring and network security will hinge on the ability to inspect the behaviour of encrypted communications. It is fortunate that Sam Bocetta, a...
Finding a Needle in a Haystack (was Traffic Disaggregation with Sub...
Network traffic moving across a link often contains various types of traffic; for example, in large companies it can include a mix of traffic coming from the employees' network, core company servers, guests...
New Directions in Network Traffic Security: Homework for 2020
Summary: With today's traffic, most network IDSs (NIDS) have severe limitations in terms of visibility and can be easily circumvented by malware (for instance by running a known service on a...
ntopng & Suricata: Unifying Visibility with Security
This week we have presented at Suricon 2019 our work on unifying ntopng with Suricata. In short: Suricata is a great tool for analysing individual flows, but it lacks a GUI and it is blind to security...
Packet-less traffic analysis using Wireshark and libebpfflow
If you wonder how you can use Wireshark with containers, you now have a solution. This week we have presented at Sharkfest EU 2019 how we have integrated libebpfflow, our home-grown eBPF-based library...
Spotting Plaintext Information in Network Protocols
In short: encryption does not always mean that all the information exchanged is really encrypted. Another myth, which many people believe, is that the equation “encryption = security” holds. Unfortunately...
Exploring Physical Network Topologies Using ntopng
ntop tools are known for monitoring network traffic. However, this traffic has to flow over physical networks, and thus it is important to understand the physical network layout. LLDP (Link Layer Discovery...
How to use nDPI from CLI to analyse network traffic
Most people use nDPI indirectly, as it is part of ntopng and many other non-ntop tools. However, not many people know that nDPI can also be used from the command line to analyse network...
Rethinking Network Flow Visualisation
Traffic monitoring applications often aggregate traffic into flows, which in essence is a way to partition traffic according to a 5-tuple key (protocol, source/destination IP and port). Flows are then aggregated...
Introducing Automatic Package Update in ntopng
One of the most useful features in applications is the ability to: update the application with a click, with no need to move to the terminal console; instruct the system to update the...
Introducing n2disk 3.4: 100 Gbit Traffic Dump to Disk
This is to announce the new n2disk release 3.4. In addition to major performance optimisations with FPGA-based NICs, this release adds interesting new features, including the ability to filter traffic...
Important Geolocation Changes in ntop Products
ntop products have been using geolocation databases provided by MaxMind for a long time, to augment network IP addresses with geographical coordinates (cities, countries) and information on the...
Encrypted Traffic Analysis: A Primer
Monitoring encrypted traffic is a must for providing visibility into modern traffic. Due to this, we've put a lot of energy into extending nDPI so that it could be useful in this context. DPI (deep packet...