Wire-speed packet capture and transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications. Remote capture with nTAP.
100 Gbit lossless network traffic recording with n2disk. Industry standard PCAP file format with nanosecond resolution. Layer-7 on-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.
NetFlow v5/v9/IPFIX data export and collection with nProbe, an extensible probe with plugins support for L7 content inspection. 100 Gbit NetFlow, traffic classification, and packet shunting for IDS and packet-to-disk acceleration with nProbe Cento.
High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD and Influx format. Full historical data to ClickHouse and big data systems. Layer 7 analysis based on nDPI. Identity Management with Firewalls and Active Directory support.
Maybe not all of you know that ntopng powers in some popular monitoring systems such as CheckMK and Centreon. The integration is made possible through the ntopng REST API (REST stands for REpresentational State Transfer) that allows developers to manipulate … Continue reading →
What is OT, ICS, SCADA ? Operational Technology (OT) refers to computing systems that are used to manage industrial operations or process operations, like water treatment, electrical power distribution or wrapping a chocolate in foil. ntopng supports some Industrial control … Continue reading →
Recently, we have introduced Smart Recording in n2disk to combine Cybersecurity with Packet-to-Disk. In this previous post (and in the documentation) we described the idea behind it and described how to enable it in a few simple steps. For those of you … Continue reading →
This year ntop will turn 25. Our call for speakers for the ntop conference 2023 (Pisa, Sept 21-22) is now open. Deadline is June 30th. We want to hear you voice, experience, projects based on ntop tools and anything that … Continue reading →
We have created nDPI to label network traffic and extract metadata such as the URL or TLS certificate information. nDPI is the layer on top of which ntop applications are sitting. This time we do not want to talk about … Continue reading →
In short Continuous network traffic recorders are applications (or appliances) that write network traffic on disk. In case of issues (e.g. security breach or network outage) they enable network and security analysts to go back in time and see how … Continue reading →
Supporting 64 bit ARM platforms is important because there is now a plethora of inexpensive boards based on this architecture. Thanks to the use of docker containers, several manufacturers allow their devices to take advantage of this technology to run … Continue reading →
A VLAN is a method for partitioning a layer two broadcast domain creating virtual networks of homogeneous systems hence promoting network segmentation. A ethernet port with no VLAN tag is called access port, whereas a switch port with VLAN-tagged packets … Continue reading →
Many ntop products such as ntopng, nProbe, and PF_RING FT just to name a few are based on network flows. However not all our users know in detail what is a network flow, and how it works in practice. This … Continue reading →
Traditionally flow-based tools are based on the 5-tuple attributes (source and destination IP, source and destination port and the protocol field). Often they are complemented with additional attributes such as VLAN or Tunnel Id in order to avoid mixing in … Continue reading →