Author: admin

  • Home
  • Articles by: admin
nDPI

HowTo Monitor Zoom Performance and Video/Call Quality
Zoom is a popular platform for video communications and team collaboration. As many other cloud services, network administrators need to supervise Zoom network traffic usage. DPI toolkits such as nDPI are useful for identifying Zoom traffic for supervising the network bandwidth used by your Zoom calls. Recently we have took advantage of this research work to improve Zoom protocol dissection in order to Recognise Zoom video, audio, and screen sharing streams (previously they were classified just with a generic Zoom label). In addition to existing metrics such as bandwidth or …
Webinar

ntop Webinar on Dec 14th: Community Meeting and Future Plans
Many things have happened this year: new products, several improvements to existing tools, and a lot of new ideas that we want to discuss with our community. For this reason we have organised a webinar on December 14th at 16:00 CET / 10:00 EST for meeting our community, show what we’re doing and plan where we wanna go next year. Below you can find the webinar recording and the presentation slides. Title Speaker Introduction ntop team nDPId Toni Uhlig ntopng in 2022 Matteo Biscosi What’s new with PF_RING and nBox …
ntopng

Introducing Lua-based Host and Flow Behavioural Checks
With ntopng version 5 we have migrated performance sensitive sections of the ntopng engine from Lua to C++. This has enabled ntopng to scale up nicely while reducing resource needs such as CPU and memory. The drawback is that writing behavioural checks in C++ is not something that everyone can do. For this reason we are introducing two (one for Flows and the other for Hosts) behavioural checks that enable the check logic to be written in Lua. In order not to jeopardise the ntopng v5 performance, these checks are …
nProbe

HowTo Deploy nProbe and ntopng on the Cloud
Some of our customers deploy ntopng on the cloud in order to collect flows coming from private nProbe instances often deployed on private networks or clouds. Thanks to ZMQ/Kafka communications, data sent by nProbe to ntopng travel encrypted; this is contrary to many other cloud-based collectors that instead receive clear-text IPFIX/NetFlow flows sent by exporters devices. In this setup ntopng cannot poll the routers as they are on a private networks thus unreachable from ntopng. This means that ntopng cannot poll router interfaces via SNMP and thus to report symbolic …
ntopng

Deploying ntopng at Scale: Jessa Ziekenhuis
This is a report from one of our users from the field, who decided to use ntopng to monitor a large network. Many thanks to Bjorn for sharing this information with our community.   Our network Jessa Ziekenhuis is one of the biggest, non-academic, hospitals in Belgium. Spread over 4 campuses, we manage 3 data centres and about 90 data racks. Combined, this leads us to over 6,000 connected (and active) hosts ranging from laptops, desktops, MRIs, ultrasounds,… Challenges With hundreds of different specialised (medical) applications, (medical) devices, it’s hard …
nProbe

Howto use Kafka (instead of ZMQ) For Reliable Flow Collection and IPC
Historically, we have used ZMQ for interconnecting nProbe to ntopng, as this is a fast and simple messaging system. However one of they key advantage of ZMQ of being broker-less is sometime a problem. In case of maintenance, traffic peaks, or unreliable communications, the ZMQ communication between nProbe and ntopng will drop flows with the result that some data will never reach ntopng. As Apache Kafka is the de-facto standard for messaging communications, we have decided to extend its support from flow egress in nProbe / nProbe Cento, to communication …
Cybersecurity

Malware Traffic Analysis in ntopng
ntop users have started to use our tools for malware analysis as contrary to packet sniffers or text-based security tools, ntopng comes with a web interface that simplifies the analysis. For this reason we have recently: Added the ability to upload a pcap file to ntopng using the web GUI, so that you can analyze traffic traces without the need to transfer them to the ntopng host using SCP or similar protocols. Enhanced the list of nDPI flow risks (47 as of today) with the ability to detect webshells and …
Cybersecurity

Using Blacklists to Catch Malware Communications Using ntopng
A category list is a control mechanism used to label traffic according to a category. In nDPI, the traffic classification engine on top of which ntop applications are built, there are various categories including (but not limited to) mining malware advertisement file sharing video streaming A blacklist is a list of IP addresses or symbolic domain names, that is used to label malicious traffic. These lists are often computed using honeypots, that in essence are hosts or services deployed on a network (usually the Internet) that are easy to break-in …
ntop

Traffic Monitoring and Enforcement for ISPs and Service Providers
Last week we have talked at ITNOG6 where we presented a report of the lessons learnt while monitoring ISP and service providers networks. This work is the result of one year of activities carried on with some of our users who provided feedback and new ideas. In summary we concluded that cybersecurity is a hot topic for these users and that DDoS mitigation is not enough for keeping a network healthy, but that they need tools able to both collect flows and packets, and implement ETA (Encrypted Traffic Analysis) as …
ntopng

HowTo Use ntopng for Pcap Analysis
Many times traffic analysts receive pcap files containing some traffic to analyse. The usual steps for analysing the pcap file with ntopng have been for a long time: Save the pcap file to disk and upload it to the host where ntopng is running. Stop the ntopng service and restart it from shell as ‘ntopng -i uploaded_file.pcap’ Once the analysis is over, stop ntopng, delete the uploaded pcap, and restart ntopng as a service. These steps are too complex for many people, and do not ease the adoption of ntopng …
Announce

Introducing nTap: a Virtual Tap for Monitoring and Cybersecurity (including Wireshark, Suricata, Zeek, OpenvSwitch)
This is to announce a new product named nTap that implements a software tap, to be used in physical and virtual/containerised environments.   Using nTap with ntop applications nTap with Third Party Applications nTap allows you to capture and deliver packets using a secure and encrypted communication channel from remote hosts to a collector host where traffic is received and injected on a virtual interface. In essence nTap allows you to create a virtual interface from which you can receive packets originating from remote hosts. Thanks to this design, all …
nProbe

HowTo Implement Flow Relay, Replication and Fanout with nProbe
Sometimes flow (sFlow/NetFlow/IPFIX) collection can become a complicated activity when you need to: Collect, on your private network, flows originated by devices with a public IP. Migrate your infrastructure to nProbe/ntopng while sending flows to both nProbe and your legacy collector. Implementing all this is often an expensive exercise with non-ntop solutions, therefore in order to ease migration to ntop tools, we made available in the nProbe package a couple of tools that can implement typical activities such as flow relay, replication and fanout easily. Below you can learn how …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe