General

To What IP/Domain Names Does ntopng Connect?

ntop tools are totally passive, but they occasionally generate some active traffic in order to operate. Knowing the list of these IPs/hosts can help to make sure the firewall infrastructure is ntopng-friendly. If you are using ntopng on a site with no Internet access, ntopng might be slow. For this reason we invite you to start ntopng with --offline to disable Internet access to the above sites. …

HowTo Join Public ntop Discussions

In order to join public discussion channels, you first need to install Discord or connect to it using a web browser. Then you need to create a Discord account for logging into Discord. Once there, you need to join the ntop server by clicking on this link. In particular, for voice channels and joining public discussions, you need to click on the “public” channel under the voice channel as shown in the picture below. Once there, you are in the public voice channel, so if you speak everyone can hear you. At the bottom …

Migrate the data directory in ntopng/nEdge

Up to release 3.6, ntopng on Unix systems used ‘/var/tmp/ntopng’ as the default directory for storing historical data, and ‘nobody’ as the default user. Since ntopng 3.7, for security reasons, the default setting for the data directory has been changed to ‘/var/lib/ntopng’, and the default user has been changed to ‘ntopng’ (which is created during package installation if you are installing from our repositories; otherwise it keeps using ‘nobody’). In order to maintain backward compatibility, if you are already using ‘/var/tmp/ntopng’ as the data directory, ntopng keeps using that folder, owned by ‘nobody’. This …

What is the PF_RING ZC distribution format?

PF_RING ZC is made of two components: kernel drivers and a user-space library. The kernel driver is released in source format as part of PF_RING, whereas the user-space library is released in binary format and requires a per-MAC license. …

What is the competitive advantage of ntop?

In a globalized world where components coming from many countries need to be packaged together, ntop is unique as the products are home-grown with no dependencies on third parties. This means fast application development/customization and support directly from the source. ntop has been around for over 10 years now; it has proven to be an innovative product, and we are here to stay! …

How do I set the input and output interface Id?

By default, nProbe tries to emulate a switched environment even if a mirrored packet stream is used. For this reason, both input and output interfaces are set to the last two bytes of the MAC address of the packet that is part of the flow. While this is a nice property, it is not liked by some NetFlow collectors that instead rely on static/physical interface numbers. nProbe supports this; however, you first need to understand how interfaceId works in NetFlow and how to set it on nProbe. The NetFlow id …

How to use PagerDuty to Deliver ntopng Alerts

PagerDuty is a popular incident-response platform that allows problem notifications to be delivered in a flexible way to the correct team member. We have integrated it in ntopng Enterprise, and this post shows you how to configure it. First of all, you need to create a PagerDuty account and select a plan (there is a free one you can choose). Once that is done, within PagerDuty you need to select “Event Orchestration” from the “Automation” menu and create a new event orchestration. Below you can see an example. Once you have saved it, click on …