Last year we have announced the integration of ClickHouse, an open source high-speed database, with nProbe for high-speed flow collection and storage. Years before we have created nIndex, a columnar data indexing system that we have integrated in ntopng, but that was just an index and not a “real” database. We have selected ClickHouse for […]
HowTo Define nDPI Risk Exceptions for Networks and Domains
In the past couple of years we have added the concept of flow risk in nDPI that allows issues with flows to be detected (for instance expired TLS certificates). Unfortunately we need to silence some of these risk exceptions as some hosts/domain names produce risks that need to be ignored (for instance an outdated device […]
Short ntop Roadmap for 2022
Those who attended our latest 2021 webinar, had a feeling of what are ntop plans for this year. In summary we keep focusing on cybersecurity and visibility, planning to further enhance our existing tools as follows: nDPI: we plan to improve detection new threats and make it more configurable by end users. The idea is […]
A Gentle Introduction To Timeseries Similarity in nDPI (and ntopng)
Introduction Let’s start from the end. In your organisation you probably have thousand of timeseries of various nature: SNMP interfaces, hosts traffic, protocols etc. You would like to know what timeseries are similar as this is necessary for addressing many different questions: Host A and host B are two different hosts that have nothing in […]
ntop tools and Log4J Vulnerability
Recently we have received many inquiries about ntop tools being immune to the Log4J vulnerability. As you know at ntop we take code security seriously, hence we confirm that: In ntop we do not use Java or Log4J. ntop tools are immune to the above vulnerability hence there is no action or upgrade required. Enjoy […]
ntop MiniConf Italia 2021: December 16, 16:00 CET
This year we have organised various online events for our international community. Considered that we have many Italian speaking users we have decided to organise an event in Italian that will take place December 16th. Conference Slides [English] Intro, nDPI, nProbe PF_RING ntopng Conference Video [Italian]
nDPI-based Traffic Enforcement on OPNsense/pfSense/Linux using nProbe
nProbe IPS is an inline application able to both export traffic statistics to NetFlow/IPFIX collectors as well to ntopng, and enforce network traffic using nDPI, ntop’s Deep Packet Inspection framework. This blog post shows you how you can use a new graphical configuration tool we have developed to ease the configuration of IPS rules on […]
Data Aggregation in ntopng: Host Pools vs Observation Points
ntopng allows users to aggregate data according to various criteria. In networking, IP addressing (network and mask/CIDR) and VLANs are typical solutions to the problem of aggregating homogeneous hosts (e.g. when hosts carry on similar tasks). Sometimes these aggregation facilities are not flexible enough to cluster hosts that have the same operating system, or flows […]
n2n 3.0 is Here !
During the last year, long discussed ideas turned into implemented functionalities – adding remarkably to n2n’s rich feature set and each of them worthy of note. The level achieved made us think it justified even a major release. Welcome, n2n 3.0 ! Starting from this stable platform, future versions of n2n’s 3.x series will further […]
Webinar on Traffic Analysis for Cybersecurity: Current State of the Art and Ongoing Developments
On October 28th at 4 PM CET / 10 AM EST we have organised a webinar on cybersecurity. The idea was to describe in detail what we have implemented so far for tackling cybersecurity events, and what are the future plans and ongoing developments. Topics included nDPI traffic analysis: flow risks and Encrypted Traffic Analysis […]