ntop – High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.

ntopng High-speed web-based traffic analysis.
ntopng Edge Make your network a safer place
nDPI Identify hundreds of L7 protocols.
nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier
Get Started! Go to the download page

Packet Capture

Wire-speed packet capture and transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

100 Gbit lossless network traffic recording with n2disk. Industry standard PCAP file format. Layer-7 on-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS and packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Full historical data to ClickHouse and big data systems. Layer 7 analysis based on nDPI, an Open Source DPI framework.

Malware Traffic Analysis in ntopng

October 5, 2022

ntop users have started to use our tools for malware analysis as contrary to packet sniffers or text-based security tools, ntopng comes with a web interface that simplifies the analysis. For this reason we have recently: Added the ability to … Continue reading →
Using Blacklists to Catch Malware Communications Using ntopng

September 26, 2022

A category list is a control mechanism used to label traffic according to a category. In nDPI, the traffic classification engine on top of which ntop applications are built, there are various categories including (but not limited to) mining malware … Continue reading →
Traffic Monitoring and Enforcement for ISPs and Service Providers

September 19, 2022

Last week we have talked at ITNOG6 where we presented a report of the lessons learnt while monitoring ISP and service providers networks. This work is the result of one year of activities carried on with some of our users … Continue reading →
HowTo Use ntopng for Pcap Analysis

September 15, 2022

Many times traffic analysts receive pcap files containing some traffic to analyse. The usual steps for analysing the pcap file with ntopng have been for a long time: Save the pcap file to disk and upload it to the host … Continue reading →
Introducing nTap: a Virtual Tap for Monitoring and Cybersecurity (including Wireshark, Suricata, Zeek, OpenvSwitch)

September 7, 2022

This is to announce a new product named nTap that implements a software tap, to be used in physical and virtual/containerised environments. Using nTap with ntop applications nTap with Third Party Applications nTap allows you to capture and deliver … Continue reading →
HowTo Implement Flow Relay, Replication and Fanout with nProbe

August 19, 2022

Sometimes flow (sFlow/NetFlow/IPFIX) collection can become a complicated activity when you need to: Collect, on your private network, flows originated by devices with a public IP. Migrate your infrastructure to nProbe/ntopng while sending flows to both nProbe and your legacy … Continue reading →
HowTo Select the Right Network Adapter for Traffic Monitoring and Cybersecurity

August 17, 2022

Since the introduction of PF_RING ZC drivers for Mellanox/NVIDIA, and the new family of Intel E810 adapters, the activity of selecting the best, cost-effective adapter, based on the use case and the performance we need to achieve, has become more … Continue reading →
What is CyberScore and How it Works: a Technical Overview

July 29, 2022

ntop users as familiar with concepts such as flow risk and cyberscore. This week we have presented a conference paper [slides] at 2022 IEEE International Conference on Cyber Security and Resilience where we describe in detail what is cyberscore, how … Continue reading →
Introduced RHEL/RockyLinux 9 support (and new GPG Package Signing Keys)

July 27, 2022

This is to announce the availability of ntop packages for RedHat EL9 / RockyLinux 9 at packages.ntop.org. This has forced us to change many things in the way we build packages due to the deprecation of the SHA-1 algorithm. Because … Continue reading →
Welcome to ntopng 5.4: Enhanced Traffic Analysis and Cybersecurity

July 7, 2022

The previous stable release introduced a new persistency layer based on ClickHouse, paving the way for a more flexible yet fast historical data analysis, with its ability to store billion of records (alerts and flows) with limited disk space and very … Continue reading →

ntopng High-speed web-based traffic analysis.

ntopng Edge Make your network a safer place

nDPI Identify hundreds of L7 protocols.

nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

Get Started! Go to the download page

Packet Capture

Traffic Recording

Network Probe

Traffic Analysis

Malware Traffic Analysis in ntopng

Using Blacklists to Catch Malware Communications Using ntopng

Traffic Monitoring and Enforcement for ISPs and Service Providers

HowTo Use ntopng for Pcap Analysis

Introducing nTap: a Virtual Tap for Monitoring and Cybersecurity (including Wireshark, Suricata, Zeek, OpenvSwitch)

HowTo Implement Flow Relay, Replication and Fanout with nProbe

HowTo Select the Right Network Adapter for Traffic Monitoring and Cybersecurity

What is CyberScore and How it Works: a Technical Overview

Introduced RHEL/RockyLinux 9 support (and new GPG Package Signing Keys)

Welcome to ntopng 5.4: Enhanced Traffic Analysis and Cybersecurity

Latest Posts

Upcoming Events