ntop – High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.

ntopng High-speed web-based traffic analysis.
ntopng Edge Make your network a safer place
nDPI Identify hundreds of L7 protocols.
nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier
Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.

Do You Know What Hackers Hide in SSL/TLS?

October 19, 2019

ntop believes that the future of traffic monitoring and network security will be played by the ability to inspect the behaviour of encrypted communications. It is fortunate that Sam Bocetta, a technical writer focused on network security and open source … Continue reading →
nProbe Cento 1.10 is Out

October 4, 2019

After nDPI v3 release, today we have rolled out an incremental update of nProbe Cento. In addition to fixing a few issues, we introduce in Cento some of the fingerprints implemented by nDPI so that we can move forward in … Continue reading →
Introducing nDPI v3: Encrypted/Malware Traffic Analysis with Ease

October 4, 2019

Those who though that DPI died with the advent of traffic encryption should play with nDPI v3 that we’re introducing today. As already discussed, the pervasive use of encrypted traffic requires a new mindset when analysing network traffic. We decided … Continue reading →
How Encryption Changed Network Traffic (Monitoring). Finally.

September 27, 2019

For years traffic monitoring tools assumed traffic was in clear text. This because when the Internet was created all the main protocols such as DNS, HTTP, SMTP, Telnet, POP were in clear. With this practice it was easy to report … Continue reading →
Using RFC8520 (MUD) to Enforce Hosts Traffic Policies in ntopng

September 10, 2019

RFC8520 (Manufacturer Usage Description) specifies what is the intended (from the manufacturer standpoint) network behaviour of a network device. Being it defined in JSON format by the device manufacturer, it can be used for simple single-task devices such as a … Continue reading →
Merging Infrastructure and Traffic Monitoring: Integrating ntopng with Icinga

August 26, 2019

Icinga2 is an open source monitoring system which checks the availability of hosts and services, notifies users of outages and generates performance data for reporting. Thanks to its scalability and extensibility, it has become very popular (as Nagios successor) and … Continue reading →
Packets vs eBPF/System Events: Positioning nProbe vs nProbe Agent

August 23, 2019

nProbe (and ntopng) is a traditional packet-based application, whose lifecycle is Capture a packet and dissect/decode it Update the representation in memory of the network traffic (e.g. the flow table) Export the information Using packets for traffic analysis has several … Continue reading →
Combining Traffic Recording with Visibility at 100 Gbps

August 16, 2019

A few months ago, with ntopng 3.8, we introduced support for continuous traffic recording, that allows you to drill down historical data from the timeseries level up to raw packets. This is useful when troubleshooting a network issue or analysing a … Continue reading →
New Challenges in DPI Protocol Detection

August 15, 2019

In the early Internet days, each network protocol was designed for a specific purpose: SMTP for sending emails, HTTP for the web and so on. In order to make sure that implementations where compliant with the specification, there was an … Continue reading →
Containers and Networks Visibility with ntopng and InfluxDB

August 1, 2019

For a while we have investigated how to combine system and network monitoring in a simple and effective way. In 2014 we have done a few experiments with Sysdig, and recently thanks to eBPF we have revamped our work to … Continue reading →

ntopng High-speed web-based traffic analysis.

ntopng Edge Make your network a safer place

nDPI Identify hundreds of L7 protocols.

nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

Get Started! Go to the download page

Packet Capture

Traffic Recording

Network Probe

Traffic Analysis

Do You Know What Hackers Hide in SSL/TLS?

nProbe Cento 1.10 is Out

Introducing nDPI v3: Encrypted/Malware Traffic Analysis with Ease

How Encryption Changed Network Traffic (Monitoring). Finally.

Using RFC8520 (MUD) to Enforce Hosts Traffic Policies in ntopng

Merging Infrastructure and Traffic Monitoring: Integrating ntopng with Icinga

Packets vs eBPF/System Events: Positioning nProbe vs nProbe Agent

Combining Traffic Recording with Visibility at 100 Gbps

New Challenges in DPI Protocol Detection

Containers and Networks Visibility with ntopng and InfluxDB

Latest Posts

Upcoming Events