ntop – High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.

ntopng High-speed web-based traffic analysis.
ntopng Edge Make your network a safer place
nDPI Identify hundreds of L7 protocols.
nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier
Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.

Security-Centric Traffic Analysis

October 23, 2020

Days ago we have given a short speak about cybersecurity at an Italian meetup. These are the presentation slides (English) where you can read more about the steps we have taken to make our tools more cybersecurity-oriented. Below you can … Continue reading →
Introducing nProbe Cento 1.12: Combining Visibility and Cybersecurity at 100 Gbit

October 20, 2020

This is to announce the released of cento 1.12 that is a maintenance release for ntop’s 100 Gbit probe. In this version we have integrated support of the latest nDPI features to combine processing speed with latest innovations in application … Continue reading →
Introducing n2disk 3.6: full L7 support, fast flow export, replay rate control

October 20, 2020

This is to announce a new n2disk release 3.6. This release adds full support for indexing and retrieving traffic based on the Layer-7 application protocol. This can now be enabled even when flow export is disabled, and it is possible … Continue reading →
Introducing PF_RING 7.8: ZC support for new Intel adapters and much more

October 19, 2020

This is to announce a new PF_RING major release 7.8. The main changes in this release include: The new ice ZC driver supporting E800 Series 100 Gigabit Intel adapters. Hardware timestamp support for packet trailers and keyframes generated by Arista … Continue reading →
Released nDPI 3.4: increased detection speed, statistical analysis, fuzzing, cybersecurity

October 19, 2020

This is to announce the release of nDPI 3.4 that is a major step ahead with respect to 3.2: Detection speed has been greatly optimised Many new functions for statistical protocol analysis have been introduced. This is to expand nDPI … Continue reading →
A Step-by-Step Guide on How to Write a ntopng Plugin from Scratch

October 15, 2020

In ntopng you can write plugins to extend it with custom features. This short tutorial explains you how to do that step-by-step. Here we drive you through the creation of a plugin for generating alerts when an unexpected DNS server … Continue reading →
Using ElasticSearch to Store and Correlate Ntopng Alarms

October 14, 2020

With the introduction of ntopng endpoints and recipients, it is now possible to handle alerts in a flexible fashion by means of recipients. ntopng embeds a SQLite database for turn-key alert storage and reporting. However in large organizations with many … Continue reading →
Using ntopng Recipients and Endpoints for Flexible Alert Handling

October 12, 2020

In the latest ntopng 4.1.x versions (and soon 4.2) we have completely reworked the way alerts are delivered to subscribers. Up to 4.0 the ntopng engine was configured in a single way for all alerts: go to the preferences page … Continue reading →
How Great Hashing Can (More Than) Double Application Performance

October 5, 2020

Most ntop applications (ntopng, nProbe, Cento) and libraries (FT) are based on the concept of flow processing, that merely means keeping track of all network communications. In order to implement this, network packets are decoded and, based on a “key” … Continue reading →
How to Dump, Index, and Layer-7 Filter Network Traffic at High Speed

September 17, 2020

n2disk is an application that many of the ntop community uses to dump traffic up to 100 Gbit. What few people know is that n2disk can index data not just using packet header information (i.e. IP, port. VLAN, MAC…) but … Continue reading →

ntopng High-speed web-based traffic analysis.

ntopng Edge Make your network a safer place

nDPI Identify hundreds of L7 protocols.

nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

Get Started! Go to the download page

Packet Capture

Traffic Recording

Network Probe

Traffic Analysis

Security-Centric Traffic Analysis

Introducing nProbe Cento 1.12: Combining Visibility and Cybersecurity at 100 Gbit

Introducing n2disk 3.6: full L7 support, fast flow export, replay rate control

Introducing PF_RING 7.8: ZC support for new Intel adapters and much more

Released nDPI 3.4: increased detection speed, statistical analysis, fuzzing, cybersecurity

A Step-by-Step Guide on How to Write a ntopng Plugin from Scratch

Using ElasticSearch to Store and Correlate Ntopng Alarms

Using ntopng Recipients and Endpoints for Flexible Alert Handling

How Great Hashing Can (More Than) Double Application Performance

How to Dump, Index, and Layer-7 Filter Network Traffic at High Speed

Latest Posts

Upcoming Events