Packet Capture

Wire-speed packet capture and transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications. Remote capture with nTAP.

Traffic Recording

100 Gbit lossless network traffic recording with n2disk. Industry standard PCAP file format with nanosecond resolution. Layer-7 on-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

NetFlow v5/v9/IPFIX data export and collection with nProbe, an extensible probe with plugin support for L7 content inspection. 100 Gbit NetFlow, traffic classification, and packet shunting for IDS and packet-to-disk acceleration with nProbe Cento.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD and Influx format. Full historical data to ClickHouse and big data systems. Layer 7 analysis based on nDPI. Identity Management with Firewalls and Active Directory support.
  • HowTo Build a 100 Gbit NetFlow Sensor Using nProbe Cento

    When it comes to monitoring a distributed network, to get a picture of the network traffic flowing through the uplinks or on critical network segments, NetFlow-like technologies are usually the answer. nProbe Pro/Enterprise and nProbe Cento are software probes that can be used to build versatile sensors able to export flow information in many […]

  • nDPI: Internals and Frequent Questions

    All ntop tools are based on nDPI, but not every user is familiar with nDPI internals. We often receive questions about it, and it’s time to answer frequent questions. Q: How does nDPI implement protocol detection? A: nDPI includes a list of protocol dissectors (356 as of today) that are able to dissect protocols such as […]

  • ntopng 6.0 Webinar

    Last week we released ntopng 6.0, which contains many new features and a redesigned user interface. The goal of this webinar is to walk through this new release and show a demo of all the major changes we have introduced. These are the presentation slides, and below you can see the video recording. Enjoy […]

  • How ntopng Merges Vulnerability Scan with Traffic Monitoring for Better Cybersecurity

    ntopng was initially designed as a passive traffic monitoring tool. Over the years we have added active monitoring features such as network discovery, SNMP, and now vulnerability scan. A network vulnerability scanner is a tool designed to identify vulnerabilities (often known as CVEs) in network services such as a web or SSH server by performing […]

  • Welcome to ntopng 6.0: new Dashboard, Vulnerability Scan, Cloud [beta], Periodic Reports, Threshold-based Alerts

    This is to announce ntopng 6.0, a new major release that includes many new features and improvements: ntopng is no longer just a real-time traffic monitoring application: it can now track assets when offline and enable better investigations leveraging improved historical traffic analysis. Implemented vulnerability reports that can scan hosts, ports, and look for […]

  • nProbe 10.4 is now Available: Cloud Support and Agent Mode

    This is to announce the release of nProbe 10.4. In this version we have made several improvements (including support for new platforms and distributions) as well as merged the agent code into the main code base (via -T) on both Linux and Windows. This feature allows you to export (for traffic originated or terminated on the […]

  • nProbe Cento 1.20 Just Released

    This is to announce the release of nProbe Cento 1.20, which is basically a maintenance release that fixes some issues, improves metadata export using nDPI, and adds support for new platforms and distributions. Below you can find the whole changelog. Enjoy! Improvements: Add ARM support; Add support for dumping bad packets (--dump-bad-packets); Add support for […]

  • nDPI 4.8 is Now Available: Better Performance with Less Memory, Fuzzy Robustness, Many New Protocols

    This is to announce the release of nDPI 4.8, which introduces various new protocols (in total 351 protocols and 53 risks), several internal changes to improve packet processing, extension of fuzzing to new components to improve coverage, and new algorithms for handling lists with reduced memory and better performance. Protocol changes have been introduced not just […]

  • Threshold vs Statistical Metric Alerts in ntopng

    Threshold alerts and statistical alerts are two different methods for monitoring and detecting unusual or potentially problematic events in various systems, such as network monitoring where anomaly detection is essential. They differ in how they define and identify anomalies. Threshold Alerts: Threshold alerts are based on fixed, predefined values or thresholds. You set specific thresholds […]

  • ntopConf 2023 Videos and Slides are Now Available

    The ntop conference and training 2023 was a success: more than 100 people attended it, some of them flying to Italy from other continents. This was a special event, as we celebrated 25 years since the first release of the original ntop application, and 10 years of ntopng. This was our first international […]