Author: admin

  • Home
  • Articles by: admin
ntop

Historical Traffic Analysis at Scale: Using ClickHouse with ntopng
Last year we have announced the integration of ClickHouse, an open source high-speed database, with nProbe for high-speed flow collection and storage. Years before we have created nIndex, a columnar data indexing system that we have integrated in ntopng, but that was just an index and not a “real” database. We have selected ClickHouse for a few reasons: It is open source and developed by a vibrant community. It is very efficient in both speed and size, that were the main features for which we created nIndex. This is very …
nDPI

HowTo Define nDPI Risk Exceptions for Networks and Domains
In the past couple of years we have added the concept of flow risk in nDPI that allows issues with flows to be detected (for instance expired TLS certificates). Unfortunately we need to silence some of these risk exceptions as some hosts/domain names produce risks that need to be ignored (for instance an outdated device that cannot be replaced and that has been properly protected by the security policies). In ntopng you can disable them clicking on the flow alert that will open a window as the one below,   …
Cybersecurity

Short ntop Roadmap for 2022
Those who attended our latest 2021 webinar, had a feeling of what are ntop plans for this year. In summary we keep focusing on cybersecurity and visibility, planning to further enhance our existing tools as follows: nDPI: we plan to improve detection new threats and make it more configurable by end users. The idea is that endusers can further extend the core via configuration files in order to catch malware or contacts to suspicious/infected hosts. We do not want to turn nDPI into a rule-based tool such as many IDS …
nDPI

A Gentle Introduction To Timeseries Similarity in nDPI (and ntopng)
Introduction Let’s start from the end. In your organisation you probably have thousand of timeseries of various nature: SNMP interfaces, hosts traffic, protocols etc. You would like to know what timeseries are similar as this is necessary for addressing many different questions: Host A and host B are two different hosts that have nothing in common but have the same traffic behaviour. Host C is under attack: who else is also under attack? SNMP interface X and interface Y are load balancing/sharing the same traffic: is their timeseries alike or …
Cybersecurity

ntop tools and Log4J Vulnerability
Recently we have received many inquiries about ntop tools being immune to the Log4J vulnerability. As you know at ntop we take code security seriously, hence we confirm that: In ntop we do not use Java or Log4J. ntop tools are immune to the above vulnerability hence there is no action or upgrade required. Enjoy ! …
Webinar

ntop MiniConf Italia 2021: December 16, 16:00 CET
This year we have organised various online events for our international community. Considered that we have many Italian speaking users we have decided to organise an event in Italian that will take place December 16th. Conference Slides [English] Intro, nDPI, nProbe PF_RING ntopng Conference Video [Italian]   …
Cybersecurity

nDPI-based Traffic Enforcement on OPNsense/pfSense/Linux using nProbe
nProbe IPS is an inline application able to both export traffic statistics to NetFlow/IPFIX collectors as well to ntopng, and enforce network traffic using nDPI, ntop’s Deep Packet Inspection framework. This blog post shows you how you can use a new graphical configuration tool we have developed to ease the configuration of IPS rules on OPNsense. Please note that nProbe IPS is also available on pfSense and Linux where you need to configure it using the configuration file as described later in this post and in the nProbe user’s guide. …
ntopng

Data Aggregation in ntopng: Host Pools vs Observation Points
ntopng allows users to aggregate data according to various criteria. In networking, IP addressing (network and mask/CIDR) and VLANs are typical solutions to the problem of aggregating homogeneous hosts (e.g. when hosts carry on similar tasks). Sometimes these aggregation facilities are not flexible enough to cluster hosts that have the same operating system, or flows originated by the same router/switch. In addition to typical network-based criteria such as IP, VLAN, ntopng implements two more data aggregation facilities. Hosts Aggregation: Host Pools A host pool is a logical aggregation of hosts, …
ntop

n2n 3.0 is Here !
During the last year, long discussed ideas turned into implemented functionalities – adding remarkably to n2n’s rich feature set and each of them worthy of note. The level achieved made us think it justified even a major release. Welcome, n2n 3.0 ! Starting from this stable platform, future versions of n2n’s 3.x series will further promote its versatility while keeping up compatibility. To achieve this, development will mainly focus on areas outside the underlying core hole-punching protocol and will include but probably not be limited to connection handling, management capabilities, …
Webinar

Webinar on Traffic Analysis for Cybersecurity: Current State of the Art and Ongoing Developments
On October 28th at 4 PM CET / 10 AM EST we have organised a webinar on cybersecurity. The idea was to describe in detail what we have implemented so far for tackling cybersecurity events, and what are the future plans and ongoing developments. Topics included nDPI traffic analysis: flow risks and Encrypted Traffic Analysis (ETA). Behavioural traffic analysis. Combining nProbe and ntop with IPS facilities. Beyond nProbe Agent: user and process analysis in monitored flows. For those who have missed the event, here you can find the presentation slides …
tutorials

Introducing ntop Professional Training Service
Many of you are asking professional training, in particular in companies and large installations. Over the years we have produced many software applications that allow you to improve network visibility and block cybersecurity threats. In this over increasing ecosystem, we acknowledge that blog posts and webinars might not be sufficient for everyone. For this reason we have created a professional training service designed for people who want to master ntop products in their daily activities. The idea is to divide the training in 5 session of 90 minutes each, so …
Webinar

October 7th: Webinar on ntopng 5.0. You’re invited !
This is to invite you to the webinar about ntopng 5.0 released this summer. The idea is to walk through the new features and possibilities offered by this version. We hope to see you all ! Webinar Content ntopng was initially designed as a tool for real-time network traffic monitoring, with the release 5.0. we have started its transition from monitoring to an AIOps tool. We wanted to make it more accessible and intelligent, able to analyze network metrics in real-time and collapse tens or even thousands of metrics into …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe