Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.
10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.
nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.
High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.
This is to announce nProbe 9.4 stable that is an incremental update of 9.2 released last fall. The goal of this maintenance release is to pave the way to pervasive embedded systems support as we now support OPNsense/pfSense/FreeBSD Soon we’ll … Continue reading →
Creating Grafana dashboards out of ntopng data basically boils down to: Configuring ntopng to export timeseries data to InfluxDB Configuring the Grafana InfluxDB datasource to extract timeseries data from InfluxDB Adding Grafana Dashboards panels with ntopng data This post aims … Continue reading →
Distributed Denial of Service (DDoS) attacks represent a family cyber-attacks that are more and more common nowadays. They aim to make the service unavailable by overwhelming the victim with high traffic volumes (this is the case of volumetric or amplification attacks … Continue reading →
Earlier this month a new highly evasive malware attacker named SunBurst has been disclosed. Immediately some countermeasures have been disclosed and in particular some Snort/Suricata rules have been published. We have analysed the rules trying to figure out if ntop … Continue reading →
This is a reminder for the third and last part of our mini-conference 2020 scheduled for this Thursday, December 10th 4 PM CET/10 AM EST. This time we’ll focus on the latest nProbe and n2disk features and provide a short … Continue reading →
Precise packet timestamping is a key feature for network traffic analysis and troubleshooting. Traditionally many people use FPGA-based NICs with precise timestamping (e.g. Napatech, Silicom) even though a good precision can be obtained with PTP-based NICs such as many Intel … Continue reading →
This is a reminder for the second part of our mini-conference 2020 scheduled for this Thursday, December 3rd 4 PM CET/10 AM EST. This time we’ll focus on the latest ntopng 4.2 features. We have the pleasure to host our … Continue reading →
SecurityOnion (SO) is a popular Linux distribution for threat hunting and security. It included ElasticSearch as backend for storing alerts as well as Kibana-based web interface. SO includes out of the box a few sensors such as Suricata that is … Continue reading →
The latest generation of network devices are pretty powerful and open. This means that such devices ship with a Linux-based distribution such as OpenWRT or UniFI OS. In these devices it is possible to install third party software as the … Continue reading →
VyOS is a popular open-source router and firewall platform based on Linux, and some of our users asked us to support it natively. This post explains you how to achieve that in a few simple steps. Prerequisites As VyOS is … Continue reading →