Using ntop tools (including PF_RING ZC) on Docker
Software containers are an elegant way to deploy software applications. If you are wondering if ntop supports software containers the answer is yes. Whenever new stable versions of packages are built,...
You’re invited to the future of nDPI: Python, Cybersecurity and Behaviour....
Hi all, this is to invite you to an open discussion about nDPI and its future, in particular Python bindings, cybersecurity extensions and behaviour analysis. We will meet at 4PM CET (10AM EST) live on...
Webinar Invitation: Network Monitoring in Post-Lockdown Days (May 21st and...
This is to invite our community to a new webinar that will explain how we have enhanced ntopng to take into account network monitoring challenges due to global lockdown. In particular we will show how...
How Lockdown Changed Corporate Internet Connectivity
Global lockdown has forced many people to work remotely: empty offices, with everyone working from home until the emergency is over. In essence, during the lockdown remote workers used very few corporate...
Why Behaviour Traffic Analysis is Good (was Encrypting TLS 1.3 Traffic)
In the latest nDPI meetup, we have discussed future directions, including extending the current encrypted traffic analysis features. Currently nDPI supports both fingerprint and behaviour encrypted...
ntop Tools Taxonomy
As people are sometimes confused about the various options the ntopng tools offer, this post is an attempt to clarify them in a single page. Use Case / Product: Collect flows (sFlow and/or NetFlow) and dump them...
Howto Identify and Block Telegram-based Botnets
Botnets are a popular way to run malware on a network using the command and control paradigm. Popular protocols used by botnets include IRC and HTTP. Most IDSs can detect bots as long as they can...
Howto Build a 100 Gbit (Drop-Free) Continuous Packet Recorder using n2disk...
In the first post of this series (part 1) we described how to build a 2×10 Gbit continuous packet recorder using n2disk and PF_RING, in the second post (part 2) we described what hardware is required...
Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis...
Earlier last month Ripple20 became popular, as it listed some vulnerabilities found in a custom IP stack used by many IoT devices. Despite the hype around Ripple20, in essence the tool used to...
July 16th and 24th: Community Meeting and Webinar Announcement
This month we’ll meet our community in two different events. When: Thursday, July 16th, 16:00 CET / 10 AM EST. What: Live community meeting. Where: Discord. You can read here how to join on the...
Mice and Elephants: HowTo Detect and Monitor Periodic Traffic
Most people are used to top X: top senders, top receivers, top protocols. So in essence they are looking for elephants. While this is a good practice, mice are also very interesting as they can often...
Introducing n2n 2.8: Modern Crypto and Data Compression
This is to announce the release of n2n 2.8 stable. This release brings significant new features to n2n’s crypto world and offers some compression opportunities. Overall n2n performance has been greatly...
How to Detect Domain Hiding (a.k.a. Domain Fronting)
Domain fronting is a technique that was used in the 2010s by mobile apps to attempt to bypass censorship. The technique relies on a “front” legitimate domain that basically acts as a pivot for the...
Introducing PF_RING ZC support for Intel E810-based 100G adapters
Last year Intel announced a new family of 100 Gigabit network adapters, code-named Columbiaville. These new adapters, based on the new Intel Ethernet Controller E810, support 10/25/50/100 Gbps link...
How Attack Mitigation Works (via SNMP)
One of the greatest strengths of ntopng is its ability to correlate data originating at different layers and at multiple sources together. For example, ntopng can look at IP packets, Ethernet frames...
Monitoring Industrial IoT/Scada Traffic with nDPI and ntopng
Monitoring Industrial IoT and SCADA traffic can be challenging as most open source monitoring tools are designed for Internet protocols. As this is becoming a hot topic with companies automating...
September Webinars: ntopng Scripting and API Integrations
Save the date! Two webinars have been planned for this month’s cycle. We start on Thursday, September 17th, 16:00 CEST / 10 AM EST, with “How to Write an ntopng Plugin”. In this workshop, we will...
How to Dump, Index, and Layer-7 Filter Network Traffic at High Speed
n2disk is an application that many in the ntop community use to dump traffic at up to 100 Gbit. What few people know is that n2disk can index data not just using packet header information (i.e. IP, port....
How Great Hashing Can (More Than) Double Application Performance
Most ntop applications (ntopng, nProbe, Cento) and libraries (FT) are based on the concept of flow processing, which simply means keeping track of all network communications. In order to implement this,...
Using ntopng Recipients and Endpoints for Flexible Alert Handling
In the latest ntopng 4.1.x versions (and soon 4.2) we have completely reworked the way alerts are delivered to subscribers. Up to 4.0 the ntopng engine was configured in a single way for all alerts: go...