ntop – High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.

ntopng High-speed web-based traffic analysis.
ntopng Edge Make your network a safer place
nDPI Identify hundreds of L7 protocols.
nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier
Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.

Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis (was Ripple20)

July 1, 2020

Earlier last month Ripple20 became popular as it has listed some vulnerabilities found in a custom IP stack used by many IoT devices. Despite the hype on Ripple20, in essence the tool used to fingerprint vulnerable devices sends either malformed … Continue reading →
Howto Build a 100 Gbit (Drop-Free) Continuous Packet Recorder using n2disk [Part 3]

June 15, 2020

In the first post of this series (part 1) we described how to build a 2×10 Gbit continuous packet recorder using n2disk and PF_RING, in the second post (part 2) we described what hardware is required to scale from 10 Gbit to … Continue reading →
Howto Identify and Block Telegram-based Botnets

June 10, 2020

Botnets are a popular way to run malware on a network using the command and control paradigm. Popular protocols used by botnets include IRC and HTTP. Most IDSs can detect bots as long as they can inspect the network traffic. … Continue reading →
ntop Tools Taxonomy

June 3, 2020

As sometime people is confused about the various options ntopng tools offer, this post is an attempt to clarify them in a single page. Enjoy!
Why Traffic Behaviour Analysis is Good (was Encrypting TLS 1.3 Traffic)

May 28, 2020

In the latest nDPI meetup, we have discussed future directions, including extending the current encrypted traffic analysis features. Currently nDPI supports both fingerprint and behaviour encrypted traffic analysis techniques to provide TLS traffic visibility. At ntop we have never liked … Continue reading →
How Lockdown Changed Corporate Internet Connectivity

May 21, 2020

Global lockdown has forced many people to work from remote: empty offices, all remote working until the emergency is over. In essence during the lockdown remote workers used very few corporate services via VPN, with relatively light traffic (e.g. … Continue reading →
Webinar: Network Monitoring in Post-Lockdown Days

May 18, 2020

This is to invite our community to a new webinar that will explain how we have enhanced ntopng to take into account network monitoring challenges due to global lockdown. In particular we will show how ntopng can be integrated with … Continue reading →
You’re invited to the future of nDPI: Python, Cybersecurity and Behaviour. May 15th, 4PM CET

May 14, 2020

Hi all, this is to invite you to an open discussion about nDPI, its future. In particular Python bindings, cybersecurity extensions and behaviour analysis. We will meet at 4PM CET (10AM EST) live on the Internet. For those who have … Continue reading →
Using ntop tools (including PF_RING ZC) on Docker

May 13, 2020

Software containers are an elegant way to deploy software applications. If you are wondering if ntop supports software containers the answer is yes. Whenever new stable versions of packages are built, containers hosted on hub.docker.com are automatically updated. Instead if … Continue reading →
Trickbot Malware Analysis Using nDPI and ntopng

May 10, 2020

Trickbot is a malware distributed via malspam, spam emails containing links for downloading malicious files that infect computers. A pcap file of a trickbot infection named 2019-09-25-Trickbot-gtag-ono19-infection-traffic.pcap can be downloaded at this URL. You can analyse the file using nDPI … Continue reading →

ntopng High-speed web-based traffic analysis.

ntopng Edge Make your network a safer place

nDPI Identify hundreds of L7 protocols.

nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

Get Started! Go to the download page

Packet Capture

Traffic Recording

Network Probe

Traffic Analysis

Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis (was Ripple20)

Howto Build a 100 Gbit (Drop-Free) Continuous Packet Recorder using n2disk [Part 3]

Howto Identify and Block Telegram-based Botnets

ntop Tools Taxonomy

Why Traffic Behaviour Analysis is Good (was Encrypting TLS 1.3 Traffic)

How Lockdown Changed Corporate Internet Connectivity

Webinar: Network Monitoring in Post-Lockdown Days

You’re invited to the future of nDPI: Python, Cybersecurity and Behaviour. May 15th, 4PM CET

Using ntop tools (including PF_RING ZC) on Docker

Trickbot Malware Analysis Using nDPI and ntopng

Latest Posts

Upcoming Events