Depending on the network topology and configuration, your monitoring tools can receive the same traffic multiple times. This problem is called data duplication. Duplication can happen at packet or flow level: Packet duplication The same packet is received multiple (usually twice) times, either one after the other, or within a short mount of time. Note […]

We continually strive to make the software configuration and management more flexible and easier for the users. To this end, we are excited to announce the launch of a new way of licensing the software feature: the centralised License Manager (LM). This tool simplifies software license management by dynamically allocating licenses to various application instances […]

ntopng is not typically classified as an Intrusion Detection System (IDS) in the traditional sense, but it does have some features that overlap with IDS functionalities. Let me explain the differences and how ntopng might serve a similar role: What is ntopng? ntopng is an open-source network traffic monitoring tool that provides visibility into network […]

In order to assist our community with 24/7 support, we have built an AI/LLM-based bot that has been trained on the ntop documentation (all products including ntopng, nProbe, nDPI…) and blog posts on this website. Currently this service is available in beta version and it is accessible using Discord on our ntop server (read here […]

In flow (sFlow/NetFlow/IPFIX) collection, nProbe acts as a “flow processor” for ntopng . nProbe is responsible for sending ntopng flows after they have been processed that includes Collection mode: flow normalization that is the process of converting flows on a format that ntopng can understand. This happens if flow exporter devices (e.g. a router) use […]

Today we report how ntopng has been used by Alabus AG to improve the corporate security (German version down this page). Enjoy ! PS. ntop users are very welcome to contact us reporting how they use ntop tools. ntop is used as a basis for analyzing the entire network traffic and it generates a very […]

Next year the ntop community will meet in Zürich, Switzerland  for a two days event (training and conference) on May 7 and 8th. As already happened in the past, we want to meet our users and discuss with them what we have done and what are the future directions to take. This event will not […]

Starting with nDPI 4.10, we have introduced a new feature called First Packet Classification (FPC). Goal of this technique is to address one problem of DPI that detects a protocol only when traffic has been dissected. This means that for TLS you need a few packets (usually between 5 and 10) for protocol dissection, as […]

ntop tools range from packet capture, traffic analysis and processing, and sometimes it is not easy to keep up on product updates as well master all the tools. This has been the driving force for organising ntop professional training. This is to announce that in October we have scheduled the next ntop Professional Training session. […]

ntop users who have enabled ClickHouse, know that they can search/aggregate/export historical flows and create customized reports. However, in the past months some of our users were uncomfortable of this approach as they preferred to seamlessly analyze historical as live data with the full power of ntopng. In the latest ntopng version we have added […]