ntop – High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.

ntopng High-speed web-based traffic analysis.
ntopng Edge Make your network a safer place
nDPI Identify hundreds of L7 protocols.
nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier
Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.

Configuring nDPI Flow Risk Exceptions

August 4, 2021

One of the newest features of nDPI 4 is the ability to identify flow risks. Unfortunately sometimes you need to add exceptions as some of those risks, while correct, need to be ignored. Examples include: An old device that is … Continue reading →
Infrastructure Monitoring: Observing The Health and Status of Multiple ntopng Instances

July 27, 2021

Introduction Quis custodiet ipsos custodes? (Juvenal). In other words: who will guard the guards themselves? If you use ntopng to monitor your network, you also need to make sure ntopng is monitored as in case of failure, ntopng will not … Continue reading →
nProbe 9.6 Released: IPS, ClickHouse, Observation Points, FreeBSD Support

July 26, 2021

This is to announce the release of nProbe 9.6 whose main features include: Support of IPS (Intrusion Prevention System) mode. Added support of high-capacity ClickHouse database enabling nProbe to dump ~125k Fps to database. Implemented the concept of Observation Point … Continue reading →
Introducing nProbe Cento 1.14

July 26, 2021

This is to announce a new release of the ntop’s 100 Gbit probe, nProbe Cento 1.14. In this version we have integrated the latest features from nDPI, the ntop’s Deep-Packet-Inspection engine, that is now 2.5x faster than the previous version. … Continue reading →
Introducing nDPI 4.0: DPI for CyberSecurity and Traffic Analysis

July 26, 2021

This is to announce nDPI 4.0. With this new stable release we have extended the scope of nDPI that was originally conceived as a toolkit for detecting application protocols. nDPI is now a modern library for packet processing that in … Continue reading →
Collecting Flows from Hundred of Routers Using Observation Points

July 22, 2021

Collecting flows on large networks with hundred of routers can be challenging. Beside the number of flows to be collected, another key point is to be able to visualize the informations in a simple yet effective way. ntopng allows you … Continue reading →
NetFlow/IPFIX At Scale: Comparing nProbe/ClickHouse vs nProbe/ntopng

July 20, 2021

In our previous post we have analysed the performance of the pipeline nProbe+ntopng for those who need to collect flows and analyse them, trigger alerts, create timeseries, provide a realtime monitoring console, dump them to nIndex and inform remote recipients … Continue reading →
NetFlow Collection Performance Using ntopng and nProbe

July 19, 2021

Introduction ntopng, in combination with nProbe, can be used to collect NetFlow. Their use for NetFlow collection is described in detail here. In this post we measure the performance of nProbe and ntopng when used together to collect, analyze, and … Continue reading →
How to Collect and Analyse AWS VPC Flow Logs

July 12, 2021

Amazon Virtual Private Cloud (VPC) flow logs and in essence text-based Netflow-like logs consisting of fields that describe the traffic flow. They are often collected on disk and published to S3 buckets or CloudWatch for an AWS-centric monitoring infrastructure (extra … Continue reading →
Handling Traffic Directions with sFlow/NetFlow/IPFIX

July 7, 2021

Network interfaces natively support RX and TX directions, so tools such as ntopng can detect the traffic directions and depict this information accordingly. In the above picture that ntopng shows in the top menubar, TX traffic is depicted in blue … Continue reading →

ntopng High-speed web-based traffic analysis.

ntopng Edge Make your network a safer place

nDPI Identify hundreds of L7 protocols.

nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

Get Started! Go to the download page

Packet Capture

Traffic Recording

Network Probe

Traffic Analysis

Configuring nDPI Flow Risk Exceptions

Infrastructure Monitoring: Observing The Health and Status of Multiple ntopng Instances

nProbe 9.6 Released: IPS, ClickHouse, Observation Points, FreeBSD Support

Introducing nProbe Cento 1.14

Introducing nDPI 4.0: DPI for CyberSecurity and Traffic Analysis

Collecting Flows from Hundred of Routers Using Observation Points

NetFlow/IPFIX At Scale: Comparing nProbe/ClickHouse vs nProbe/ntopng

NetFlow Collection Performance Using ntopng and nProbe

How to Collect and Analyse AWS VPC Flow Logs

Handling Traffic Directions with sFlow/NetFlow/IPFIX

Latest Posts

Upcoming Events