Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.
10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.
nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.
High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.
This is a message for the Italian speaking community willing to attend our 20 years of ntop workshop that will take place in Pisa, Italy, where ntop was born. If there is somebody willing to help us organise a ntop … Continue reading →
ntopng 3.6 release is paving the way to metrics-based traffic analysis. We have finally put ntopng on top of a timeseries-independent layer that allowed us to currently RRD and InfluxDB and in the future other backends. This means that you … Continue reading →
This is to announce the release of nDPI 2.4 that is an incremental release mainly introducing the concept of categories in addition to new dissectors and bug fixes. In a nutshell in order to limit the number of custom protocols … Continue reading →
As announced some months ago, we have resumed the development of n2n, a peer-to-peer VPN we developed some year ago to ease the access to remote ntop installations behind firewalls, that then evolved into a full fledge application. After having … Continue reading →
While tools like github and mailing lists can serve developers and experts, sometimes people look for a quick help. For this reason we have create a new Telegram group called @ntop_community that you can use (even from your desktop and mobile) … Continue reading →
The need to perform on-time and per-second traffic measurements clashes with protocols such as NetFlow where all counters are cumulative with respect to the flow lifetime. So if you have a flow that lasted 2 minutes and moved X bytes, … Continue reading →
One of the main concern of our users is the ability to scale ntopng with a large number of hosts/protocols and hence how to scale time series. As already discussed, RRD has many limitations with the increase of number of … Continue reading →
We discussed many times about the large quantity of work IDSs have to carry on, and the high CPU load they require, this is the case of Suricata due to the thousands of rules that need to be evaluated for … Continue reading →
Last week we have presented two tutorials at the Sharkfest US 2018 edition: sFlow: Theory and practice of a sampling technology [ slides ] Packet monitoring in the days of IoT and Cloud [ slides ] We believe these tutorials are … Continue reading →
Yesterday our friends at InfluxData organised a meetup at their HQ in San Francisco, CA. For all those who have been unable to attend the event, these are the presentation slides so you can learn more about the transition from RRD to … Continue reading →