ntop – High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.

ntopng High-speed web-based traffic analysis.
ntopng Edge Make your network a safer place
nDPI Identify hundreds of L7 protocols.
nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier
Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.

How to use nDPI from CLI to analyse network traffic

November 23, 2019

Most people use nDPI indirectly being it part of ntopng and many other non-ntop developed tools. However not many people know that nDPI can also be used from the command line to analyse network traffic. This is useful to create … Continue reading →
Exploring Physical Network Topologies Using ntopng

November 19, 2019

ntop tools are known for monitoring network traffic. However this traffic has to flow on physical networks and thus it is important to understand the physical network layout. LLDP (Link Layer Discovery Protocol) is a network protocol used to dynamically … Continue reading →
Spotting Plaintext Information in Network Protocols

November 8, 2019

In short: encryption does not always mean that all the information exchanged is really encrypted. Another myth is that many people believe that the equation “encryption = security” holds. Unfortunately this is not true. This slide deck we presented at Sharkfest … Continue reading →
Packet-less traffic analysis using Wireshark and libebpfflow

November 7, 2019

If you wonder how you can use Wireshark with containers, you now have a solution. This week we have presented at Sharkfest EU 2019 how we have integrated libebpfflow, our home-grown eBPF-based library for system introspection, with Wireshark. Thanks to … Continue reading →
ntopng & Suricata: Unifying Visibility with Security

October 30, 2019

This week we have presented at Suricon 2019 our work about unifying ntopng with Suricata. In short: Suricata is a great tool for analysing individual flows but It lacks a GUI It is blind to security threats when they use … Continue reading →
New Directions in Network Traffic Security: Homework for 2020

October 23, 2019

Summary With today’s traffic, most network IDSs (NIDS) have severe limitations in terms of visibility and ability to be easily circumvented by malware (for instance running a known service on a non-default port or the other way round), and thus … Continue reading →
Finding a Needle in a Haystack (was Traffic Disaggregation with Sub Interfaces in ntopng)

October 21, 2019

Network traffic moving across a link often contains various types of traffic, for example in large companies it can include a mix of traffic coming from: Employees network Core company servers Guests network Other Analysing the traffic as a whole … Continue reading →
Do You Know What Hackers Hide in SSL/TLS?

October 19, 2019

ntop believes that the future of traffic monitoring and network security will be played by the ability to inspect the behaviour of encrypted communications. It is fortunate that Sam Bocetta, a technical writer focused on network security and open source … Continue reading →
nProbe Cento 1.10 is Out

October 4, 2019

After nDPI v3 release, today we have rolled out an incremental update of nProbe Cento. In addition to fixing a few issues, we introduce in Cento some of the fingerprints implemented by nDPI so that we can move forward in … Continue reading →
Introducing nDPI v3: Encrypted/Malware Traffic Analysis with Ease

October 4, 2019

Those who though that DPI died with the advent of traffic encryption should play with nDPI v3 that we’re introducing today. As already discussed, the pervasive use of encrypted traffic requires a new mindset when analysing network traffic. We decided … Continue reading →

ntopng High-speed web-based traffic analysis.

ntopng Edge Make your network a safer place

nDPI Identify hundreds of L7 protocols.

nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

Get Started! Go to the download page

Packet Capture

Traffic Recording

Network Probe

Traffic Analysis

How to use nDPI from CLI to analyse network traffic

Exploring Physical Network Topologies Using ntopng

Spotting Plaintext Information in Network Protocols

Packet-less traffic analysis using Wireshark and libebpfflow

ntopng & Suricata: Unifying Visibility with Security

New Directions in Network Traffic Security: Homework for 2020

Finding a Needle in a Haystack (was Traffic Disaggregation with Sub Interfaces in ntopng)

Do You Know What Hackers Hide in SSL/TLS?

nProbe Cento 1.10 is Out

Introducing nDPI v3: Encrypted/Malware Traffic Analysis with Ease

Latest Posts

Upcoming Events