Wire-speed packet capture and transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.
Traffic Recording
100 Gbit lossless network traffic recording with n2disk. Industry standard PCAP file format. Layer-7 on-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.
Network Probe
nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS and packet-to-disk acceleration.
Traffic Analysis
High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Full historical data exported to ClickHouse and big data systems. Layer 7 analysis based on nDPI, an Open Source DPI framework.
ntop users are familiar with concepts such as flow risk and cyberscore. This week we presented a conference paper [slides] at the 2022 IEEE International Conference on Cyber Security and Resilience, where we describe in detail what cyberscore is, how … Continue reading →
This is to announce the availability of ntop packages for RedHat EL9 / RockyLinux 9 at packages.ntop.org. This has forced us to change many things in the way we build packages, due to the deprecation of the SHA-1 algorithm on these platforms. Because … Continue reading →
The previous stable release introduced a new persistency layer based on ClickHouse, paving the way for more flexible yet fast historical data analysis, with its ability to store billions of records (alerts and flows) with limited disk space and very … Continue reading →
nProbe 1.0 was introduced in 2002. After 20 years we are glad to introduce nProbe 10, which brings several new features and improvements: agent mode for process monitoring on Linux (eBPF) and Windows; timeseries support for nProbe self-monitoring; and … Continue reading →
This is to introduce nDPI 4.4, which includes the development activities of the last six months. As with previous releases, we are improving protocol support, extending automatic testing to harden the code for critical environments, and introducing new cybersecurity features for … Continue reading →
ntopng can export both flows and alerts to Elastic according to the Elastic Common Schema (ECS) format. You can dump flows (not alerts) to Elastic by starting ntopng with -F "es;<mapping type>;<idx name>;<es URL>;<http auth>" (the value must be quoted, since the shell would otherwise treat the semicolons as command separators). For instance you can do ntopng … Continue reading →
This is to announce a new PF_RING release, 8.2! This new stable version adds support for a new family of ASIC-based adapters from Mellanox/NVIDIA, including ConnectX-5 and ConnectX-6 (please check the User's Guide for the exact list of supported firmware versions). This new driver/adapter … Continue reading →
One of the latest additions to nProbe is the ability to create network traffic timeseries that are stored in the popular InfluxDB database. This feature allows nProbe users to create timeseries that can be plotted and integrated in Grafana … Continue reading →
Last week ntopConf 2022 was held in person in Milan at Bocconi University, and about 100 people attended. Presentation material, including slides and videos, is available on the conference page, so even if you missed this event … Continue reading →
Flow risks are the mechanism nDPI implements for detecting issues in network traffic; their theoretical design is documented in the paper Using Deep Packet Inspection in CyberTraffic Analysis that we wrote last year. While we are reworking the definition of … Continue reading →