• ntopng High-speed web-based traffic analysis.

  • nDPI Identify hundreds of L7 protocols.

  • nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

  • Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.
  • Released nBox 2.6 Now Featuring a New Centralised Manager

    This is to introduce a new nBox stable release 2.6, that includes many security enhancements, a reworked services management system to fully support systemd (available on latest CentOS/Ubuntu releases), and the new NxN user interface to monitor the status of all … Continue reading

  • Introducing n2disk 3.0

    This is to announce n2disk 3.0 that is more than a maintenance release, as it: Consolidates pre-existing functionalities Adds extraction security features that pave the way to GDPR support. Adds flow offload support Simplifies storage management to avoid headaches during … Continue reading

  • PF_RING and Network Namespaces

    Last week we made a couple of presentations at LinuxLab 2017 where we spoke about Containers, focusing on Network Namespaces support in PF_RING, and User and IoT-oriented Network Traffic Monitoring on Embedded Devices. With the advent of Containers, processes isolation has become … Continue reading

  • Announcing ntopng 3.2 – The First Move Towards Active Network Monitoring

    Today we are glad to announce the new 3.2 stable release of ntopng. Among the most important new features available in this release, there is without any doubt an advanced network devices discovery functionality. Historically, ntopng has always been a … Continue reading

  • nProbe 8.2 stable is out – A Wink At Next-Gen ASA Firewalls

    We are pleased to announce that the new 8.2 release of nProbe is out. This release features full Cisco ASA NetFlow support. ASA are industry’s first threat-focused next-generation firewalls that export a rich set of information through NetFlow. Being able to … Continue reading

  • Announcing nDPI 2.2

    Today we are glad to release nDPI stable version 2.2. This minor release present several fixes and adds support for a handful of new protocols. It also features custom application categories to allow users to create personalized mappings between protocols … Continue reading

  • Implementing PF_RING-based Hardware Flow Offload in Suricata

    Last month we have integrated hardware flow offload in PF_RING 7.0. This week Alfredo has presented at Suricon 2017 the integration of hardware flow offload with Suricata and demonstrated that with this technology you can significantly reduce packet drops and … Continue reading

  • Using nDPI to Turn Wireshark Into a Traffic Monitoring Tools

    Last week at Sharkfest EU we have shown how you can use nDPI and Lua scripting to turn Wireshark into a traffic monitoring tool. We remind you that all the ntop contributions to Wireshark are open source and can be found … Continue reading

  • ntop User’s Group Meeting at Shakfest EU 2017

    Those who have not been able to attend our ntop meeting at Sharkfest Europe 2017 can find our presentation slides below Sharkfest EU 2017 – Intro Sharkfest EU 2017 – hardware-flow-offload Sharkfest EU 2017 – beautiful monitoring with ntopng and … Continue reading

  • Network Device Discovery. Part 1: Active Discovery

    Since its introduction in 1998, ntop(ng) has been a pure (well beside DNS address resolution if enabled) passive network monitoring tool. Recently we have complemented it with active device discovery in order to find out if there are silent devices … Continue reading