20 Years of ntop and Beyond

Posted · Add Comment

This month it’s 20 years that I have started the ntop project. Initially it was a hobby project, willing to understand what was really flowing on a network after having spent 5 years playing with OSI that was clearly a dead end (whoever used FTAM to download a file and compared it with FTP/NFS or drag-and-drop on a Mac desktop, understands what I mean), even for me that just graduated from university.

My initial idea behind ntop was to create a simple tool able to enable network visibility without having to deal with complicated network protocols (you’re all used to IP, but in late 90s many other non-IP protocols existed such as AppleTalk, IPX, SNA… and non-Ethernet encapsulations such as Token-Ring, FDDI…). This triggered my interests in creating tools able to operate on commodity hardware boxes, simple to use and install. Today it’s probably normal to buy a PC on Amazon, install Linux and run your monitoring tools, but years ago it was not like that.

Since then, many tools have been created. Most of them are home-grown such as PF_RING and nProbe, others orphans we adopted such as nDPI. If you are wondering what the next steps in ntop will be, you won’t have to wait too long as soon we’ll introduce two new tools:

  • nDB, a very high-speed index/database for networking data, able to index million records/sec and store hundred of billion of records on a single box with sub second response time (remember that with MySQL-like tools you can insert < 50k records/sec, so 2 orders of magnitude less, not to mention that when you have million of records your DB will be very slow) without requiring typical big-data headaches and costs (data sharding, clusters and distributed systems for storing networking data aren’t the best answer in terms of complexity, and the trend towards cloud-based systems is a way to hide all this mess with a per-service price tag).
  • Embedded ntopng inline for families and businesses, able not just to monitor but to enforce network policies, and complement security features provided by firewalls (that are configurable but unable to stop your printer from doing BitTorrent or your children from accessing inappropriate or malware sites).

We’ll come to this soon. The message is that after 20 years we’re not tired, but we’re looking at the next thing, not for tomorrow but for the years to come. In the past 5 years we have consolidated many technologies ntop developed previously, and because of this we’re now ready to move forward again.

Thanks to all of you who are following our activities since long time, and to those who sent me messages for this anniversary.

PS. We’ll organise a workshop/meetup during Sharkfest EU on Nov 7th, 6 PM. Details will follow, but in the meantime try to be there.