Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.
10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.
nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.
High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.
This is to announce a new PF_RING major release 7.6. Besides bug fixes and drivers updates to improve compatibility with latest kernels (including those shipped with Debian 10 and CentOS 8) this release includes many enhancements to the PF_RING FT … Continue reading →
This is to announce the new stable release of nDPI 3.2. The main trend of nDPI is to move from “simple” application protocol detection towards behavioral traffic interpretation. This has been implemented with the integration of modules for detecting attacks … Continue reading →
This year the annual ntop conference will take place in Milano, Italy on June 9-10, at Università Bocconi, one of the most prestigious university in Italy. As usual the first day will be used to train people on ntop tools … Continue reading →
JA3 is a popular method to fingerprint TLS connections used by many monitoring tools and IDSs. JA3 focuses on encryption options specified during TLS connection setup to fingerprint the encryption library used by the application. Image courtesy of Cisco So … Continue reading →
This February we’ll introduce ntopng v4 and we’re starting to write some blog posts to preview the new features. Let’s start with the user interface. Since v1 the UI has always been the same. People however asked us some more … Continue reading →
FOSDEM is the leading open source conference in Europe and it will take place this week-end in Brussels, Belgium. As we have developed open source software since 20 years, we believe we have right to belong to this community. This … Continue reading →
Monitoring encrypted traffic is must for providing visibility in modern traffic. Due to this we’ve put a lot of energy in extending nDPI so that it could be useful in this context. DPI (deep packet inspection) however is not enough … Continue reading →
ntop products have been using geolocation databases provided by MaxMind for a long time, to augment network IP addresses with geographical coordinates (cities, countries) and information on the Autonomous Systems. ntop have been freely packaging and redistributing such databases in … Continue reading →
This is to announce a new n2disk release 3.4. In addition to major performance optimisations with FPGA-based NICs, this release adds new interesting features including the ability to filter traffic based on the application protocol, aggregate traffic from multiple (2+) ZC … Continue reading →
One of the most useful features in applications, is the ability to Update the application with a matter of click with no need to move to the terminal console. Instruct the system to update the application as a new version … Continue reading →