Wire-speed packet capture and transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.
100 Gbit lossless network traffic recording with n2disk. Industry standard PCAP file format. Layer-7 on-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.
nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS and packet-to-disk acceleration.
High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Full historical data to ClickHouse and big data systems. Layer 7 analysis based on nDPI, an Open Source DPI framework.
A category list is a control mechanism used to label traffic according to a category. In nDPI, the traffic classification engine on top of which ntop applications are built, there are various categories including (but not limited to) mining malware … Continue reading →
Last week we have talked at ITNOG6 where we presented a report of the lessons learnt while monitoring ISP and service providers networks. This work is the result of one year of activities carried on with some of our users … Continue reading →
Many times traffic analysts receive pcap files containing some traffic to analyse. The usual steps for analysing the pcap file with ntopng have been for a long time: Save the pcap file to disk and upload it to the host … Continue reading →
This is to announce a new product named nTap that implements a software tap, to be used in physical and virtual/containerised environments. Using nTap with ntop applications nTap with Third Party Applications nTap allows you to capture and deliver … Continue reading →
Sometimes flow (sFlow/NetFlow/IPFIX) collection can become a complicated activity when you need to: Collect, on your private network, flows originated by devices with a public IP. Migrate your infrastructure to nProbe/ntopng while sending flows to both nProbe and your legacy … Continue reading →
Since the introduction of PF_RING ZC drivers for Mellanox/NVIDIA, and the new family of Intel E810 adapters, the activity of selecting the best, cost-effective adapter, based on the use case and the performance we need to achieve, has become more … Continue reading →
ntop users as familiar with concepts such as flow risk and cyberscore. This week we have presented a conference paper [slides] at 2022 IEEE International Conference on Cyber Security and Resilience where we describe in detail what is cyberscore, how … Continue reading →
This is to announce the availability of ntop packages for RedHat EL9 / RockyLinux 9 at packages.ntop.org. This has forced us to change many things in the way we build packages due to the deprecation of the SHA-1 algorithm. Because … Continue reading →
The previous stable release introduced a new persistency layer based on ClickHouse, paving the way for a more flexible yet fast historical data analysis, with its ability to store billion of records (alerts and flows) with limited disk space and very … Continue reading →
nProbe 1.0 was introduced in 2002. After 20 years we are glad to introduce nProbe 10 that introduces several new features and improvements: Agent mode for process monitoring on Linux (eBPF) and Windows Implemented timeseries support for nProbe self-monitoring and … Continue reading →