Short ntop Roadmap for 2022
Those who attended our latest 2021 webinar, had a feeling of what are ntop plans for this year. In summary we keep focusing on cybersecurity and visibility, planning to further enhance our existing...
View ArticleClik here to view.
HowTo Define nDPI Risk Exceptions for Networks and Domains
In the past couple of years we have added the concept of flow risk in nDPI that allows issues with flows to be detected (for instance expired TLS certificates). Unfortunately we need to silence some of...
View ArticleClik here to view.
Historical Traffic Analysis at Scale: Using ClickHouse with ntopng
Last year we have announced the integration of ClickHouse, an open source high-speed database, with nProbe for high-speed flow collection and storage. Years before we have created nIndex, a columnar...
View Articlentopng and ClickHouse: Lessons Learnt at California Institute of Technology
Caltech has been experimenting with ntopng on our network for slightly over a year now. We send a decent amount of traffic to ntopng, bursting up to 20Gbps, utilising Cento to read the wire and...
View ArticleIntroducing nDPI 4.2: More Protocols and Robustness with -80% Memory
This is to announce the availability of nDPI 4.2 stable that brings several improvements and a reduced per-flow memory footprint (about -80% with respect to 4.0). We have continued to improve the DPI...
View ArticleClik here to view.
Welcome to ntopng 5.2: Historical Data Analysis, Better Performance and Alerting
Initially designed as a maintenance release, 5.2 brings many improvements in its processing engine with over 3’000 code commits. The main goal is to enhance application scalability by optimising memory...
View ArticleClik here to view.
You’re invited at FOSDEM 2022 (5 and 6 February) in the ntop stand
As most of our users know, every year we were used to meet the world of open source at FOSDEM in Brussels. Due to pandemic, this yearly event has been moved online so we invite you to attend it...
View ArticleClik here to view.
Using ntopng with Checkmk: A Tutorial
Today we’ll discuss the ntopng integration with CheckMK, a popular open source infrastructure monitoring tool to which ntopng adds traffic visibility. If IT infrastructure monitoring and network usage...
View ArticleClik here to view.
Incident Analysis: How to Correlate Alerts with Flows and Packets
In incident analysis it is important to provide evidence of the problem at various level of details: Alerts Alerts are the result of traffic analysis (in ntopng based on checks) that have detected...
View ArticleClik here to view.
Dispatching Alerts: How to Master Notifications in ntopng
Alerts in ntopng are the result of traffic analysis based on checks. Checks detect that specific indicators on traffic require attention: for instance a host whose behavioural score has exceeded a...
View ArticleClik here to view.
How We Simplified Data Search in ntopng
ntopng users are familiar with the search box present at the top of each page. It was originally designed to find hosts and jump to their details page. Over the years we have added a lot of new...
View Articlentop Professional Training: May 2022
This is to announce that the next ntop professional training will take place in May 2022. All those who are using ntop tools for business are invited to attend this session. The idea is to divide the...
View Articlentop Conference 2022: Call for Speakers
This is to announce the dates of the ntop conference 2022 that will take place in Milan at UniBocconi: June 23rd conference, 24th training. We are currently looking for speakers as we want to hear your...
View ArticleClik here to view.
How PF_RING is Used to Fight Internet Censorship: Refraction Networking
Internet censorship is a global phenomenon (see Figure 1) that aims to throttle or entirely block access to certain Internet resources. National or regional governments impose Internet censorship by...
View ArticleClik here to view.
HowTo Use TLS for Securing Flow Export/Collection
One of the main limitations of flow-based protocols such as IPFIX and NetFlow is that the traffic is sent in cleartext. This means that it can be observed in transit and that it is pretty simple to...
View ArticleRegistration for ntopConf 2022 (June 23-24) is now Open
This year the ntop community will meet in Milan, Italy on June 23-24. Conference will take place the first day, whereas the second day will be used for training. We’ll be talking about network traffic...
View ArticleClik here to view.
How ntopng monitors IEC 60870-5-104 traffic
Busy times for OT analysts. Last month the number of known OT (operational technology) malware increased from five to seven. First malware discovered is Industroyer2 which was caught in the Ukraine....
View ArticleBest Practices for Using ntop Tools on Containers
Many people use software containers to simplify application deployment. As you know ntop tools are also available on docker hub for quick deployment using Docker or other container management tools...
View ArticleHow to Configure Flow Risk Exclusions in nDPI and ntopng
Flow risks are the mechanism nDPI implements for detecting issues in network traffic whose theoretical design is documented in this paper Using Deep Packet Inspection in CyberTraffic Analysis we have...
View ArticleClik here to view.
ntopConf2022: News, Announcements and Future Plans
Last week the ntopConf 2022 was held in presence in Milan at Bocconi University and about 100 people attended it. Presentation material including slides and videos are available at the conference page...
View Article