ntop – High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware.

ntopng High-speed web-based traffic analysis.
ntopng Edge Make your network a safer place
nDPI Identify hundreds of L7 protocols.
nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier
Get Started! Go to the download page

Packet Capture

Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications.

Traffic Recording

10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format. On-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

nProbe: extensible NetFlow v5/v9/IPFIX probe with plugins support for L7 content inspection. nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.

ntop Tools Taxonomy

June 3, 2020

As sometime people is confused about the various options ntopng tools offer, this post is an attempt to clarify them in a single page. Enjoy!
Why Traffic Behaviour Analysis is Good (was Encrypting TLS 1.3 Traffic)

May 28, 2020

In the latest nDPI meetup, we have discussed future directions, including extending the current encrypted traffic analysis features. Currently nDPI supports both fingerprint and behaviour encrypted traffic analysis techniques to provide TLS traffic visibility. At ntop we have never liked … Continue reading →
How Lockdown Changed Corporate Internet Connectivity

May 21, 2020

Global lockdown has forced many people to work from remote: empty offices, all remote working until the emergency is over. In essence during the lockdown remote workers used very few corporate services via VPN, with relatively light traffic (e.g. … Continue reading →
Webinar: Network Monitoring in Post-Lockdown Days

May 18, 2020

This is to invite our community to a new webinar that will explain how we have enhanced ntopng to take into account network monitoring challenges due to global lockdown. In particular we will show how ntopng can be integrated with … Continue reading →
You’re invited to the future of nDPI: Python, Cybersecurity and Behaviour. May 15th, 4PM CET

May 14, 2020

Hi all, this is to invite you to an open discussion about nDPI, its future. In particular Python bindings, cybersecurity extensions and behaviour analysis. We will meet at 4PM CET (10AM EST) live on the Internet. For those who have … Continue reading →
Using ntop tools (including PF_RING ZC) on Docker

May 13, 2020

Software containers are an elegant way to deploy software applications. If you are wondering if ntop supports software containers the answer is yes. Whenever new stable versions of packages are built, containers hosted on hub.docker.com are automatically updated. Instead if … Continue reading →
Trickbot Malware Analysis Using nDPI and ntopng

May 10, 2020

Trickbot is a malware distributed via malspam, spam emails containing links for downloading malicious files that infect computers. A pcap file of a trickbot infection named 2019-09-25-Trickbot-gtag-ono19-infection-traffic.pcap can be downloaded at this URL. You can analyse the file using nDPI … Continue reading →
How Active Monitoring Works in ntopng

May 8, 2020

In v4 we have introduced active monitoring in ntopng and since then we are improving in the 4.1.x development versions. In order to enable it you have to selectd the “System” interface from the top menubar and select “Active Monitoring” … Continue reading →
Implementing Network Visibility in Covid-19 Days

April 16, 2020

Ongoing health emergency demands business to enable employee work from home: call it smart working or (better) remote working. This process puts pressure on the company Internet connection as many (if not all) the activities need to be done remotely. … Continue reading →
ntopng 4.0: A Refreshed Look with Dark Themes!

April 7, 2020

The latest ntopng 4.0 has a renewed look. The main changes we have introduced are: An always-on-top status bar. Key information on the health and status of the network is essential for the analyst and it must be always visible … Continue reading →

ntopng High-speed web-based traffic analysis.

ntopng Edge Make your network a safer place

nDPI Identify hundreds of L7 protocols.

nProbe Cento 100Gbit NetFlow Probe and Traffic Classifier

Get Started! Go to the download page

Packet Capture

Traffic Recording

Network Probe

Traffic Analysis

ntop Tools Taxonomy

Why Traffic Behaviour Analysis is Good (was Encrypting TLS 1.3 Traffic)

How Lockdown Changed Corporate Internet Connectivity

Webinar: Network Monitoring in Post-Lockdown Days

You’re invited to the future of nDPI: Python, Cybersecurity and Behaviour. May 15th, 4PM CET

Using ntop tools (including PF_RING ZC) on Docker

Trickbot Malware Analysis Using nDPI and ntopng

How Active Monitoring Works in ntopng

Implementing Network Visibility in Covid-19 Days

ntopng 4.0: A Refreshed Look with Dark Themes!

Latest Posts

Upcoming Events