• ntopng High-speed web-based traffic analysis.

  • nDPI Identify hundreds of L7 protocols.

  • nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

  • Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.
  • Introducing n2disk 2.8 with Microburst Detection

    Together with PF_RING 6.6, today we also released n2disk 2.8. In this release we introduced support for microburst detection in order to spot traffic bursts, which is crucial in identifying potential capacity issues and troubleshooting packet loss in network equipments. We … Continue reading

  • PF_RING 6.6 Just Released

    After almost one year of development, this is to announce the release of PF_RING 6.6. In this release we have worked on different areas: Introduced nBPF, a software packet-filtering component similar to BPF, that is able to exploit hardware packet … Continue reading

  • Network Security Analysis Using ntopng

    Most security-oriented traffic analysts rely on IDSs such as Bro or Suricata for network security. While we believe that they are good solutions, we have a different opinion on this subject. In fact we believe that it is possible to use … Continue reading

  • Capture, Filter, Extract Traffic using Wireshark and PF_RING

    Last year we introduced our new nBPF library able to: 1. Convert a BPF filter to hardware rules for offloading traffic filtering to the network card, making it possible to analyse traffic at 100G. 2. Accelerate traffic extraction from an … Continue reading

  • Filling the Pipe: Exporting ntopng Flows to Logstash

    Logstash comes in very handy when it is necessary to manipulate or augment data before the actual consolidation. Typical examples of augmentation include IP address to customer ID mappings and geolocation, just to name a few. ntopng natively supports network flows … Continue reading

  • Meet ntop on April 28th @ Microsoft Munich

    This year we’ve accepted the invitation from Wuerth-Phoenix to be part of their Roadshows 2017 and talk about network and system monitoring. The first workshop will be in Munich, Germany on April 28th. All ntop users are invited to come and … Continue reading

  • What Is a Microburst and How to Detect It?

    It’s not uncommon to see network administrator struggling tracking down packet drop on network equipments at interface level, while having a low average link utilisation. At the end it often turns out to be due to a phenomenon (well) known … Continue reading

  • Collecting Proprietary Flows with nProbe

    nProbe has been originally designed as an efficient tool able to capture traffic packets and transform them into flows. Call it network probe or sensor. Over the years we have added the ability to collect flows (i.e. nProbe is both … Continue reading

  • Positioning PF_RING ZC vs DPDK

    Last week I have met some PF_RING ZC and DPDK users. The idea was to ask questions on PF_RING (for the existing ZC users) and understand (for DPDK users) whether it was a good idea to jump on ZC for … Continue reading

  • Clustering Network Devices using ntopng Host Pools

    In computer networks, devices are identified by an IP and a MAC. The IP can be dynamically assigned (so it might not be persistent), whereas the MAC is (in theory) unique and persistent for identifying a device. Non-technical users, do … Continue reading