ntop – High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.

ntopng High-speed web-based traffic analysis.
ntopng Edge Make your network a safer place
nDPI Identify hundreds of L7 protocols.
nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier
Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.

How to Dump, Index, and Layer-7 Filter Network Traffic at High Speed

September 17, 2020

n2disk is an application that many of the ntop community uses to dump traffic up to 100 Gbit. What few people know is that n2disk can index data not just using packet header information (i.e. IP, port. VLAN, MAC…) but … Continue reading →
September Webinars: ntopng Scripting and API Integrations

September 9, 2020

Save the date! Two webinars have been planned for the cycle of this month. We start on Thursday, September 17th, 16:00 CEST / 10 AM EST, with “How to Write an ntopng Plugin“. In this workshop, we will see how … Continue reading →
Monitoring Industrial IoT/Scada Traffic with nDPI and ntopng

September 8, 2020

Monitoring Industrial IoT and SCADA traffic can be challenging as most open source monitoring tools are designed for Internet protocols. As this is becoming a hot topic with companies automating production lines, we have decided to enhance ntop tools to … Continue reading →
How Attack Mitigation Works (via SNMP)

August 26, 2020

One of the greatest strengths of ntopng is its ability to correlate data originating at different layers and at multiple sources together. For example, ntopng can look at IP packets, Ethernet frames and, at the same time, poll SNMP devices. … Continue reading →
Introducing PF_RING ZC support for Intel E810-based 100G adapters

August 24, 2020

Last year Intel announced a new family of 100 Gigabit network adapters, code-name Columbiaville. These new adapters, based on the new Intel Ethernet Controller E810, support 10/25/50/100 Gbps link speeds and provide programmable offload capabilities. Programmability 800 Series adapters implement … Continue reading →
How to Detect Domain Hiding (a.k.a. as Domain Fronting)

August 19, 2020

Domain fronting is a technique that was used in 2010s by mobile apps to attempt to bypass censorship. The technique relies on a “front” legitimate domain that basically acts as a pivot for the forbidden domain. In essence an attacker … Continue reading →
Introducing n2n 2.8: Modern Crypto and Data Compression

August 12, 2020

This is to announce the release of n2n 2.8 stable. This release brings significant new features to n2n’s crypto world and offers some compression opportunities. Overall n2n performance has been greatly enhanced, reduced bandwidth usage thanks to data compression, and … Continue reading →
Mice and Elephants: HowTo Detect and Monitor Periodic Traffic

August 4, 2020

Most people are used to top X: top senders, top receivers, top protocols. So in essence they are looking for elephants. While this is a good practice, mice are also very interesting as they can often be hidden in the … Continue reading →
July 16th and 24th: Community Meeting and Webinar Announcement

July 14, 2020

This month we’ll meet our community in two different events: When: Thursday, July 16th, 16:00 CET / 10 AM EST What: Live community meeting Where: Discord. You can read more here how to join on the public ntop voice channel for … Continue reading →
Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis (was Ripple20)

July 1, 2020

Earlier last month Ripple20 became popular as it has listed some vulnerabilities found in a custom IP stack used by many IoT devices. Despite the hype on Ripple20, in essence the tool used to fingerprint vulnerable devices sends either malformed … Continue reading →

ntopng High-speed web-based traffic analysis.

ntopng Edge Make your network a safer place

nDPI Identify hundreds of L7 protocols.

nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

Get Started! Go to the download page

Packet Capture

Traffic Recording

Network Probe

Traffic Analysis

How to Dump, Index, and Layer-7 Filter Network Traffic at High Speed

September Webinars: ntopng Scripting and API Integrations

Monitoring Industrial IoT/Scada Traffic with nDPI and ntopng

How Attack Mitigation Works (via SNMP)

Introducing PF_RING ZC support for Intel E810-based 100G adapters

How to Detect Domain Hiding (a.k.a. as Domain Fronting)

Introducing n2n 2.8: Modern Crypto and Data Compression

Mice and Elephants: HowTo Detect and Monitor Periodic Traffic

July 16th and 24th: Community Meeting and Webinar Announcement

Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis (was Ripple20)

Latest Posts

Upcoming Events