Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.
10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.
nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.
High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.
This is to announce the release of n2n 2.8 stable. This release brings significant new features to n2n’s crypto world and offers some compression opportunities. Overall n2n performance has been greatly enhanced, reduced bandwidth usage thanks to data compression, and … Continue reading →
Most people are used to top X: top senders, top receivers, top protocols. So in essence they are looking for elephants. While this is a good practice, mice are also very interesting as they can often be hidden in the … Continue reading →
This month we’ll meet our community in two different events: When: Thursday, July 16th, 16:00 CET / 10 AM EST What: Live community meeting Where: Discord. You can read more here how to join on the public ntop voice channel for … Continue reading →
Earlier last month Ripple20 became popular as it has listed some vulnerabilities found in a custom IP stack used by many IoT devices. Despite the hype on Ripple20, in essence the tool used to fingerprint vulnerable devices sends either malformed … Continue reading →
In the first post of this series (part 1) we described how to build a 2×10 Gbit continuous packet recorder using n2disk and PF_RING, in the second post (part 2) we described what hardware is required to scale from 10 Gbit to … Continue reading →
Botnets are a popular way to run malware on a network using the command and control paradigm. Popular protocols used by botnets include IRC and HTTP. Most IDSs can detect bots as long as they can inspect the network traffic. … Continue reading →
In the latest nDPI meetup, we have discussed future directions, including extending the current encrypted traffic analysis features. Currently nDPI supports both fingerprint and behaviour encrypted traffic analysis techniques to provide TLS traffic visibility. At ntop we have never liked … Continue reading →
Global lockdown has forced many people to work from remote: empty offices, all remote working until the emergency is over. In essence during the lockdown remote workers used very few corporate services via VPN, with relatively light traffic (e.g. … Continue reading →
This is to invite our community to a new webinar that will explain how we have enhanced ntopng to take into account network monitoring challenges due to global lockdown. In particular we will show how ntopng can be integrated with … Continue reading →