Many of you are asking professional training, in particular in companies and large installations. Over the years we have produced many software applications that allow you to improve network visibility and block cybersecurity threats. In this over increasing ecosystem, we acknowledge that blog posts and webinars might not be sufficient for everyone. For this reason […]
October 7th: Webinar on ntopng 5.0. You’re invited !
This is to invite you to the webinar about ntopng 5.0 released this summer. The idea is to walk through the new features and possibilities offered by this version. We hope to see you all ! Webinar Content ntopng was initially designed as a tool for real-time network traffic monitoring, with the release 5.0. we […]
HowTo Monitor Traffic in SMEs and Home Networks: A Primer
In the first part of this series of articles, we focused on monitoring ISPs and MSP traffic. Today we analyse network traffic in SMEs and home networks. The typical network layout of a home or a small business is depicted below. The ISP provides a router for connecting to the Internet (e.g. xDSL or […]
How To Configure Flow and Packet Deduplication in nProbe
Sometimes traffic monitoring requires data deduplication as due to topology or hardware constraints there are some network traffic activities that are monitored by multiple devices, and others that are monitored only by a single device. This means that unless some corrections are configured, traffic measurements are wrong and thus useless. Fortunately, we have implemented some […]
HowTo Monitor Customer Traffic in Managed Service Providers and ISPs
ISPs have provided Internet access to customers for years and the only goal was to connect their users to the Internet. Managed Service Providers (MSP) and Managed Security Service Providers (MSSP) deliver network, services and infrastructure on customer premises and have become relatively popular in the past few years. Over time customers started to ask […]
Configuring nDPI Flow Risk Exceptions
One of the newest features of nDPI 4 is the ability to identify flow risks. Unfortunately sometimes you need to add exceptions as some of those risks, while correct, need to be ignored. Examples include: An old device that is speaking an outdate TLS version but that you cannot upgrade, and that you have done […]
nProbe 9.6 Released: IPS, ClickHouse, Observation Points, FreeBSD Support
This is to announce the release of nProbe 9.6 whose main features include: Support of IPS (Intrusion Prevention System) mode. Added support of high-capacity ClickHouse database enabling nProbe to dump ~125k Fps to database. Implemented the concept of Observation Point to enable distributed collection labelling. Added support for collecting and generating flows using Amazon Virtual […]
Introducing nDPI 4.0: DPI for CyberSecurity and Traffic Analysis
This is to announce nDPI 4.0. With this new stable release we have extended the scope of nDPI that was originally conceived as a toolkit for detecting application protocols. nDPI is now a modern library for packet processing that in addition to DPI it includes self-contained, efficient (both in memory and processing speed) streaming versions […]
Collecting Flows from Hundred of Routers Using Observation Points
Collecting flows on large networks with hundred of routers can be challenging. Beside the number of flows to be collected, another key point is to be able to visualize the informations in a simple yet effective way. ntopng allows you to create up to 32 virtual flow collection interfaces that can be used to avoid […]
NetFlow/IPFIX At Scale: Comparing nProbe/ClickHouse vs nProbe/ntopng
In our previous post we have analysed the performance of the pipeline nProbe+ntopng for those who need to collect flows and analyse them, trigger alerts, create timeseries, provide a realtime monitoring console, dump them to nIndex and inform remote recipients in case of some problem is detected. This is the main difference between the ntop […]