ntop – High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.

ntopng High-speed web-based traffic analysis.
ntopng Edge Make your network a safer place
nDPI Identify hundreds of L7 protocols.
nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier
Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.

Spotting Plaintext Information in Network Protocols

November 8, 2019

In short: encryption does not always mean that all the information exchanged is really encrypted. Another myth is that many people believe that the equation “encryption = security” holds. Unfortunately this is not true. This slide deck we presented at Sharkfest … Continue reading →
Packet-less traffic analysis using Wireshark and libebpfflow

November 7, 2019

If you wonder how you can use Wireshark with containers, you now have a solution. This week we have presented at Sharkfest EU 2019 how we have integrated libebpfflow, our home-grown eBPF-based library for system introspection, with Wireshark. Thanks to … Continue reading →
ntopng & Suricata: Unifying Visibility with Security

October 30, 2019

This week we have presented at Suricon 2019 our work about unifying ntopng with Suricata. In short: Suricata is a great tool for analysing individual flows but It lacks a GUI It is blind to security threats when they use … Continue reading →
New Directions in Network Traffic Security: Homework for 2020

October 23, 2019

Summary With today’s traffic, most network IDSs (NIDS) have severe limitations in terms of visibility and ability to be easily circumvented by malware (for instance running a known service on a non-default port or the other way round), and thus … Continue reading →
Finding a Needle in a Haystack (was Traffic Disaggregation with Sub Interfaces in ntopng)

October 21, 2019

Network traffic moving across a link often contains various types of traffic, for example in large companies it can include a mix of traffic coming from: Employees network Core company servers Guests network Other Analysing the traffic as a whole … Continue reading →
Do You Know What Hackers Hide in SSL/TLS?

October 19, 2019

ntop believes that the future of traffic monitoring and network security will be played by the ability to inspect the behaviour of encrypted communications. It is fortunate that Sam Bocetta, a technical writer focused on network security and open source … Continue reading →
nProbe Cento 1.10 is Out

October 4, 2019

After nDPI v3 release, today we have rolled out an incremental update of nProbe Cento. In addition to fixing a few issues, we introduce in Cento some of the fingerprints implemented by nDPI so that we can move forward in … Continue reading →
Introducing nDPI v3: Encrypted/Malware Traffic Analysis with Ease

October 4, 2019

Those who though that DPI died with the advent of traffic encryption should play with nDPI v3 that we’re introducing today. As already discussed, the pervasive use of encrypted traffic requires a new mindset when analysing network traffic. We decided … Continue reading →
How Encryption Changed Network Traffic (Monitoring). Finally.

September 27, 2019

For years traffic monitoring tools assumed traffic was in clear text. This because when the Internet was created all the main protocols such as DNS, HTTP, SMTP, Telnet, POP were in clear. With this practice it was easy to report … Continue reading →
Using RFC8520 (MUD) to Enforce Hosts Traffic Policies in ntopng

September 10, 2019

RFC8520 (Manufacturer Usage Description) specifies what is the intended (from the manufacturer standpoint) network behaviour of a network device. Being it defined in JSON format by the device manufacturer, it can be used for simple single-task devices such as a … Continue reading →

ntopng High-speed web-based traffic analysis.

ntopng Edge Make your network a safer place

nDPI Identify hundreds of L7 protocols.

nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

Get Started! Go to the download page

Packet Capture

Traffic Recording

Network Probe

Traffic Analysis

Spotting Plaintext Information in Network Protocols

Packet-less traffic analysis using Wireshark and libebpfflow

ntopng & Suricata: Unifying Visibility with Security

New Directions in Network Traffic Security: Homework for 2020

Finding a Needle in a Haystack (was Traffic Disaggregation with Sub Interfaces in ntopng)

Do You Know What Hackers Hide in SSL/TLS?

nProbe Cento 1.10 is Out

Introducing nDPI v3: Encrypted/Malware Traffic Analysis with Ease

How Encryption Changed Network Traffic (Monitoring). Finally.

Using RFC8520 (MUD) to Enforce Hosts Traffic Policies in ntopng

Latest Posts

Upcoming Events