Wire-speed packet capture and transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.
Traffic Recording
100 Gbit lossless network traffic recording with n2disk. Industry standard PCAP file format. Layer-7 on-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.
Network Probe
nProbe: extensible NetFlow v5/v9/IPFIX probe with plugin support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS and packet-to-disk acceleration.
Traffic Analysis
High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Full historical data to ClickHouse and big data systems. Layer 7 analysis based on nDPI, an Open Source DPI framework.
Flow risks are the mechanism nDPI implements for detecting issues in network traffic, whose theoretical design is documented in the paper "Using Deep Packet Inspection in CyberTraffic Analysis" that we wrote last year. While we are reworking the definition of …
Many people use software containers to simplify application deployment. As you know, ntop tools are also available on Docker Hub for quick deployment using Docker or other container management tools such as Portainer or Kubernetes. When using containers, there are …
Busy times for OT analysts. Last month the number of known OT (operational technology) malware increased from five to seven. The first malware discovered is Industroyer2, which was caught in Ukraine. As is popular nowadays, security companies name the malware they …
This year the ntop community will meet in Milan, Italy on June 23-24. The conference will take place on the first day, whereas the second day will be used for training. We’ll be talking about network traffic monitoring, cybersecurity, and discuss future …
One of the main limitations of flow-based protocols such as IPFIX and NetFlow is that the traffic is sent in cleartext. This means that it can be observed in transit and that it is pretty simple to send fake flow …
Internet censorship is a global phenomenon (see Figure 1) that aims to throttle or entirely block access to certain Internet resources. National or regional governments impose Internet censorship by using sophisticated networking appliances—strategically placed at the edge of their networks …
This is to announce the dates of the ntop conference 2022 that will take place in Milan at UniBocconi: June 23rd conference, 24th training. We are currently looking for speakers as we want to hear your voice. Topics include (but …
This is to announce that the next ntop professional training will take place in May 2022. All those who are using ntop tools for business are invited to attend this session. The idea is to divide the training into 5 …
ntopng users are familiar with the search box present at the top of each page. It was originally designed to find hosts and jump to their details page. Over the years we have added a lot of new information in …
Alerts in ntopng are the result of traffic analysis based on checks. Checks detect that specific indicators on traffic require attention: for instance a host whose behavioural score has exceeded a given threshold or a flow that is exfiltrating data. …