ntop – High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.

ntopng High-speed web-based traffic analysis.
ntopng Edge Make your network a safer place
nDPI Identify hundreds of L7 protocols.
nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier
Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.

Introducing n2n 2.8: Modern Crypto and Data Compression

August 12, 2020

This is to announce the release of n2n 2.8 stable. This release brings significant new features to n2n’s crypto world and offers some compression opportunities. Overall n2n performance has been greatly enhanced, reduced bandwidth usage thanks to data compression, and … Continue reading →
Mice and Elephants: HowTo Detect and Monitor Periodic Traffic

August 4, 2020

Most people are used to top X: top senders, top receivers, top protocols. So in essence they are looking for elephants. While this is a good practice, mice are also very interesting as they can often be hidden in the … Continue reading →
July 16th and 24th: Community Meeting and Webinar Announcement

July 14, 2020

This month we’ll meet our community in two different events: When: Thursday, July 16th, 16:00 CET / 10 AM EST What: Live community meeting Where: Discord. You can read more here how to join on the public ntop voice channel for … Continue reading →
Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis (was Ripple20)

July 1, 2020

Earlier last month Ripple20 became popular as it has listed some vulnerabilities found in a custom IP stack used by many IoT devices. Despite the hype on Ripple20, in essence the tool used to fingerprint vulnerable devices sends either malformed … Continue reading →
Howto Build a 100 Gbit (Drop-Free) Continuous Packet Recorder using n2disk [Part 3]

June 15, 2020

In the first post of this series (part 1) we described how to build a 2×10 Gbit continuous packet recorder using n2disk and PF_RING, in the second post (part 2) we described what hardware is required to scale from 10 Gbit to … Continue reading →
Howto Identify and Block Telegram-based Botnets

June 10, 2020

Botnets are a popular way to run malware on a network using the command and control paradigm. Popular protocols used by botnets include IRC and HTTP. Most IDSs can detect bots as long as they can inspect the network traffic. … Continue reading →
ntop Tools Taxonomy

June 3, 2020

As sometime people is confused about the various options ntopng tools offer, this post is an attempt to clarify them in a single page. Enjoy!
Why Traffic Behaviour Analysis is Good (was Encrypting TLS 1.3 Traffic)

May 28, 2020

In the latest nDPI meetup, we have discussed future directions, including extending the current encrypted traffic analysis features. Currently nDPI supports both fingerprint and behaviour encrypted traffic analysis techniques to provide TLS traffic visibility. At ntop we have never liked … Continue reading →
How Lockdown Changed Corporate Internet Connectivity

May 21, 2020

Global lockdown has forced many people to work from remote: empty offices, all remote working until the emergency is over. In essence during the lockdown remote workers used very few corporate services via VPN, with relatively light traffic (e.g. … Continue reading →
Webinar: Network Monitoring in Post-Lockdown Days

May 18, 2020

This is to invite our community to a new webinar that will explain how we have enhanced ntopng to take into account network monitoring challenges due to global lockdown. In particular we will show how ntopng can be integrated with … Continue reading →

ntopng High-speed web-based traffic analysis.

ntopng Edge Make your network a safer place

nDPI Identify hundreds of L7 protocols.

nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

Get Started! Go to the download page

Packet Capture

Traffic Recording

Network Probe

Traffic Analysis

Introducing n2n 2.8: Modern Crypto and Data Compression

Mice and Elephants: HowTo Detect and Monitor Periodic Traffic

July 16th and 24th: Community Meeting and Webinar Announcement

Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis (was Ripple20)

Howto Build a 100 Gbit (Drop-Free) Continuous Packet Recorder using n2disk [Part 3]

Howto Identify and Block Telegram-based Botnets

ntop Tools Taxonomy

Why Traffic Behaviour Analysis is Good (was Encrypting TLS 1.3 Traffic)

How Lockdown Changed Corporate Internet Connectivity

Webinar: Network Monitoring in Post-Lockdown Days

Latest Posts

Upcoming Events