Introducing nProbe 9.4: New Platforms Support and Product Editions
This is to announce nProbe 9.4 stable that is an incremental update of 9.2 released last fall. The goal of this maintenance release is to pave the way to pervasive embedded systems support as we now...
Bringing Network Visibility, Cybersecurity and Encrypted Traffic Analysis to...
This is to announce the immediate availability of both ntopng and nProbe for OPNsense, pfSense and FreeBSD, directly supported by ntop, with nightly builds and all the features present on all other...
Join FOSDEM 2021 ntop sessions, Sat-Sun Feb 6-7th (online)
We are proud to announce that a couple of talks have been accepted at FOSDEM 2021, one of the most important FOSS conferences in the world, which this year will take place online due to the pandemic. In...
FOSDEM 2021 – Retrospective
FOSDEM 2021 has been an awesome event. For the first time in its history, the event was fully virtual with multiple parallel live streams. According to the infrastructure statistics, it had about 8,000...
How To Monitor Traffic Behind a Firewall (During and Post Pandemic)
Due to the pandemic, many people are now working in a delocalised world: some work from home, others from the office. To make things even more complicated, in the past remote workers used to connect to the...
What is Score, and How It can Drive You Towards Network Issues
Telemetry protocols such as sFlow/NetFlow, SNMP or packet-based traffic analysis are the source of data for network traffic monitoring. For a long time visibility was the main issue and people were...
Best Practices for High Speed Flow Collection
Most people use nProbe and ntopng to collect flows using an architecture similar to the one below where nprobe and ntopng are started as follows: nprobe -3 <collector port> -i none -n none --zmq...
Detecting and Analysing Qakbot Traffic Using ntopng
In this post Martin shows how he has used ntopng to detect the Qakbot trojan. Many thanks for this contribution. Introduction I am using ntopng for network monitoring quite some time now and I was curious...
Combining nDPI and Wireshark for Cybersecurity Traffic Analysis
At the upcoming Sharkfest Europe 2021 we’ll talk about using Wireshark in cybersecurity. Part of the talk will focus on nDPI and Wireshark integration. Since the last release nDPI features flow risk...
Introducing nProbe IPS: 10 Gbit nDPI-based Traffic Policer and Shaper
This is to introduce a new nProbe feature that brings IPS (Intrusion Prevention System) support via nDPI for Linux and FreeBSD (including OPNsense and pfSense). As shown in the picture below, nProbe...
May 27th: Webinar on DPI-based traffic enforcement, ntop tools on...
For a long time, ntop mainly focused on passive traffic analysis. As cybersecurity is becoming a main concern for many organisations and individuals, we have boosted our tools by introducing facilities...
On Network Visibility and Cybersecurity
Today we had the chance to talk about network visibility and cybersecurity during an event organised by the Milan Internet Exchange MIX-IT. In this talk we have presented the current state of...
How to Spot Unsafe Communications using nDPI Flow Risk Score
nDPI is much more than a DPI library used to detect the application protocol. In the past year, nDPI has grown in terms of cybersecurity features used to detect threats and network issues leveraging...
How Attackers and Victims Detection works in ntopng
In recent ntopng versions, alerts have been significantly enriched with metadata useful to understand network and security issues. In this post, we focus on the “Attacker” and “Victim” metadata, used...
nProbe IPS: How To setup an Inline Layer-7 Traffic Policer in 5 Minutes
Introduction Recently, we have added Intrusion Prevention System (IPS) capabilities to our nProbe. Those capabilities are available starting from the latest 9.5 version, both for Linux and FreeBSD –...
Handling Traffic Directions with sFlow/NetFlow/IPFIX
Network interfaces natively support RX and TX directions, so tools such as ntopng can detect the traffic directions and depict this information accordingly. In the above picture that ntopng shows in...
How to Collect and Analyse AWS VPC Flow Logs
Amazon Virtual Private Cloud (VPC) flow logs are in essence text-based Netflow-like logs consisting of fields that describe the traffic flow. They are often collected on disk and published to S3...
NetFlow Collection Performance Using ntopng and nProbe
Introduction ntopng, in combination with nProbe, can be used to collect NetFlow. Their use for NetFlow collection is described in detail here. In this post we measure the performance of nProbe and...
NetFlow/IPFIX At Scale: Comparing nProbe/ClickHouse vs nProbe/ntopng
In our previous post we have analysed the performance of the pipeline nProbe+ntopng for those who need to collect flows and analyse them, trigger alerts, create timeseries, provide a realtime...
Collecting Flows from Hundred of Routers Using Observation Points
Collecting flows on large networks with hundreds of routers can be challenging. Besides the number of flows to be collected, another key point is to be able to visualize the information in a simple yet...