Collecting flows on large networks with hundred of routers can be challenging. Beside the number of flows to be collected, another key point is to be able to visualize the informations in a simple yet effective way. ntopng allows you to create up to 32 virtual flow collection interfaces that can be used to avoid […]
NetFlow/IPFIX At Scale: Comparing nProbe/ClickHouse vs nProbe/ntopng
In our previous post we have analysed the performance of the pipeline nProbe+ntopng for those who need to collect flows and analyse them, trigger alerts, create timeseries, provide a realtime monitoring console, dump them to nIndex and inform remote recipients in case of some problem is detected. This is the main difference between the ntop […]
How to Collect and Analyse AWS VPC Flow Logs
Amazon Virtual Private Cloud (VPC) flow logs and in essence text-based Netflow-like logs consisting of fields that describe the traffic flow. They are often collected on disk and published to S3 buckets or CloudWatch for an AWS-centric monitoring infrastructure (extra AWS charge is necessary). Now suppose that you want to use this information to monitor […]
Handling Traffic Directions with sFlow/NetFlow/IPFIX
Network interfaces natively support RX and TX directions, so tools such as ntopng can detect the traffic directions and depict this information accordingly. In the above picture that ntopng shows in the top menubar, TX traffic is depicted in blue and RX in green. All simple. Now suppose you need to analyse sFlow/NetFlow/IPFIX flows, and […]
How to Spot Unsafe Communications using nDPI Flow Risk Score
nDPI it is much more than a DPI library used to detect the application protocol. In the past year, nDPI has grown in terms of cybersecurity features used to detect threats and network issues leveraging on the concept of flow risk. Each nDPI-analysed flow has associated a numerical flow risk that in essence is a […]
On Network Visibility and Cybersecurity
Today we had the change to talk about network visibility and cybersecurity during an event organised by the Milan Internet Exchange MIX-IT. In this talk we have presented the current state of development in this area at ntop and provided an outlook of some of the features that we’re developing and that will be released […]
May 27th: Webinar on DPI-based traffic enforcement, ntop tools on pfSense/OPNsense
For a long time, ntop mainly focused on passive traffic analysis. As cybersecurity is becoming a main concern for many organisation and individuals, we have boosted our tools by introducing facilities for spotting threats and blocking unsafe traffic. This month we will organise a webinar that will cover two main topics: How to use the […]
Introducing nProbe IPS: 10 Gbit nDPI-based Traffic Policer and Shaper
This is to introduce a new nProbe feature that brings IPS (Intrusion Prevention System) support via nDPI for Linux and FreeBSD (including OPNsense and pfSense). As shown in the picture below, nProbe acts as a transparent bridge (with kernel offload) for applying pass/drop/shape rules to the forwarded traffic. Our goal is to combine the power […]
Combining nDPI and Wireshark for Cybersecurity Traffic Analysis
At the upcoming Sharkfest Europe 2021 we’ll talk about using Wireshark in cybersecurity. Part of the talk will focus on nDPI and Wireshark integration. Since the last release nDPI features flow risk analysis, that is basically a numerical indication of potential risks associated with a network communication ranging from ‘TLS Certificate Expired’ to more complicated […]
Detecting and Analysing Qakbot Traffic Using ntopng
In this post Martin shows how he has used ntopng to detect Qakbot trojan. Many thanks for this contribution. Introduction I am using ntopng for network monitoring quite some time now and I was curios to see, what ntopng would alert when detecting malware. The website malware traffic analysis is a great source for malware […]