Wire-speed packet capture and transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.
Traffic Recording
100 Gbit lossless network traffic recording with n2disk. Industry standard PCAP file format. Layer-7 on-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.
Network Probe
nProbe: extensible NetFlow v5/v9/IPFIX probe with plugin support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS and packet-to-disk acceleration.
Traffic Analysis
High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Full historical data to ClickHouse and big data systems. Layer 7 analysis based on nDPI, an Open Source DPI framework.
This is to announce a new PF_RING release 8.2! This new stable version adds support for a new family of ASIC-based adapters from Mellanox/NVIDIA, including ConnectX-5 and ConnectX-6 (please check the User’s Guide for the exact list of supported firmwares). This new driver/adapter … Continue reading →
One of the latest additions to nProbe is the ability to create network traffic timeseries that will be stored in the popular InfluxDB database. This feature allows nProbe users to create timeseries that can be depicted and integrated in Grafana … Continue reading →
Last week ntopConf 2022 was held in person in Milan at Bocconi University, and about 100 people attended. Presentation material, including slides and videos, is available on the conference page so even if you have missed this event … Continue reading →
Flow risks are the mechanism nDPI implements for detecting issues in network traffic; their theoretical design is documented in the paper "Using Deep Packet Inspection in CyberTraffic Analysis", which we wrote last year. While we are reworking the definition of … Continue reading →
Many people use software containers to simplify application deployment. As you know ntop tools are also available on docker hub for quick deployment using Docker or other container management tools such as Portainer or Kubernetes. When using containers, there are … Continue reading →
Busy times for OT analysts. Last month the number of known OT (operational technology) malware increased from five to seven. The first malware discovered is Industroyer2, which was caught in Ukraine. As is popular nowadays, security companies name the malware they … Continue reading →
This year the ntop community will meet in Milan, Italy on June 23-24. The conference will take place on the first day, whereas the second day will be used for training. We’ll be talking about network traffic monitoring, cybersecurity, and discuss future … Continue reading →
One of the main limitations of flow-based protocols such as IPFIX and NetFlow is that the traffic is sent in cleartext. This means that it can be observed in transit and that it is pretty simple to send fake flow … Continue reading →
Internet censorship is a global phenomenon (see Figure 1) that aims to throttle or entirely block access to certain Internet resources. National or regional governments impose Internet censorship by using sophisticated networking appliances—strategically placed at the edge of their networks … Continue reading →
This is to announce the dates of the ntop conference 2022 that will take place in Milan at UniBocconi: June 23rd conference, 24th training. We are currently looking for speakers as we want to hear your voice. Topics include (but … Continue reading →