• Ntop at Caltech: Network Security Monitoring

    It is a pleasure to report the feedback of Greg, one our many long-time users, who reported on LinkedIn how ntop tools have been used to monitor Caltech traffic. Enjoy !

  • ntop Cloud: Security Design and Architecture

    In late 2023 we have announced the beginning of a new project we have called ntop Cloud. The first goal of this project is to enable ntop applications to communicate regardless of the network topology where they are deployed, This in a secure way. In essence we want to create a new network overlay that […]

  • Announcing ntop Professional Training: May 2024

    ntop tools range from packet capture, traffic analysis and processing, and sometimes it is not easy to keep up on product updates as well master all the tools. This has been the driving force for organising ntop professional training. This is to announce that in May we have scheduled the next ntop Professional Training session. […]

  • How Historical Traffic Behaviour Analysis Works

    In ntopng we have implemented various techniques for analysing historical traffic. This post shows you the options available: In timeseries you can see the current traffic rate (line) or the traffic rate of the previous period of time (dotted). This allows you to visually analyse when traffic deviates from previous period of time (see for […]

  • DoS Detection Using ntopng and NetFlow/IPFIX

    Recently ntopng has been used in academia for detecting DoS (Denial of Service) attacks using NetFlow flows. In this thesis (note that the document it is written in Italian) it is shown how ntopng has been successfully used collect flow and use them to detect DoS attacks. Enjoy !

  • How ntopng Host Traffic Accounting Works

    Despite ntop has implemented rich network metrics over the years, the two most important metrics that people keep asking us are volume (how much) and time (how long).  Timeseries offer a quick view of the traffic and allow people to immediately spot traffic peaks or absence of transmissions. They are good for traffic analysis but […]

  • Introducing nBox Mini

    As previously announced, we have added a new entry in the nBox product list: the nBox Mini. This is a small rugged device with 1 and 2.5 Gbit Ethernet port designed to be used as turn key solutions for monitoring small-mid size networks (typically up to 255 hosts), it is preconfigured to accept mirrored traffic […]

  • How we have Decreased ntopng Memory Usage by more than 60%

    In this blog post we want to shave our experience squeezing ntopng memory usage to fit into small OT monitoring devices manufactured by our partner Endian. Just to give you an idea of the work we did look at these two images taken on the same network at the same time of the day, before […]

  • HowTo Analyse NetFlow/IPFIX/sFlow pcap Traces

    Dumping sFlow/NetFlow/IPFIX flows in pcap format can be very useful for troubleshooting or for creating a compact traffic dump. For instance you can dump flow traffic with n2disk (wireshark, or tcpdump) and store them in pcap format, and eventually share them with a shared disk or sent via email. Flows are usually analysed live with […]

  • ipt_geofence: Protecting Networks using Geofencing, Blocklists and Service Analysis

    Last week the ntop team has organised the network devroom at FOSDEM 2024, that took place in Brussels on Feb 2-3. During the devroom we have presented one tool named ipt_geofence that we have created for protecting our network infrastructure and generate blacklists that can be used with ntop tools (this task is still ongoing). […]

Packet Capture

Wire-speed packet capture and transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications. Remote capture with nTAP.

Traffic Recording

100 Gbit lossless network traffic recording with n2disk. Industry standard PCAP file format with nanosecond resolution. Layer-7 on-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

NetFlow v5/v9/IPFIX data export and collection with nProbe, an extensible probe with plugins support for L7 content inspection. 100 Gbit NetFlow, traffic classification, and packet shunting for IDS and packet-to-disk acceleration with nProbe Cento.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD and Influx format. Full historical data to ClickHouse and big data systems. Layer 7 analysis based on nDPI. Identity Management with Firewalls and Active Directory support.