Author: admin

  • Home
  • Articles by: admin
ntop

Using ntop tools (including PF_RING ZC) on Docker
Software containers are an elegant way to deploy software applications. If you are wondering if ntop supports software containers the answer is yes. Whenever new stable versions of packages are built, containers hosted on hub.docker.com are automatically updated. Instead if you want to build a custom container, you can use the docker files we maintain. Container support is full, including PF_RING ZC that can natively run on Docker as specified in this document. using a simple command like sudo docker run -v /dev/hugepages:/dev/hugepages --cap-add ipc_lock ubuntu18 pfcount -i zc:99@0 this …
nDPI

Trickbot Malware Analysis Using nDPI and ntopng
Trickbot is a malware distributed via malspam, spam emails containing links for downloading malicious files that infect computers.  A pcap file of a trickbot infection named 2019-09-25-Trickbot-gtag-ono19-infection-traffic.pcap can be downloaded at this URL. You can analyse the file using nDPI as follows ndpiReader -i 2019-09-25-Trickbot-gtag-ono19-infection-traffic.pcap -v 2 -J > /tmp/trickbot.txt Let’s now open the trickbot.txt file and search for “Risk”. This is a tag added to nDPI analysed flows when there is a non-zero security risk associated with the analysed traffic. Most problems include: Obsolete TLS protocol with self-signed certificate …
ntopng

How Active Monitoring Works in ntopng
In v4 we have introduced active monitoring in ntopng and since then we are improving in the 4.1.x development versions. In order to enable it you have to selectd the “System” interface from the top menubar and select “Active Monitoring” from the left “System” menu. On that page you will see a table containing all your measurements. The code has been written in a modular way, so that available measurements can be extended as necessary simply adding a new lua script. As you can see from the measurements source, you …
ntopng

Implementing Network Visibility in Covid-19 Days
Ongoing health emergency demands business to enable employee work from home: call it smart working or (better) remote working. This process puts pressure on the company Internet connection as many (if not all) the activities need to be done remotely. Working from home is a good practice in order to avoid extra personal stress and reduce virus spread, this only if company’s Internet lines have enough capacity to handle all the remote workers. How can you measure this extra traffic (with respect to days before the emergency) and optimise your …
ntop

ntopng 4.0: A Refreshed Look with Dark Themes!
The latest ntopng 4.0 has a renewed look. The main changes we have introduced are: An always-on-top status bar. Key information on the health and status of the network is essential for the analyst and it must be always visible and easily accessible. This is why we have introduced an always-on-top fixed status bar with key information such as network throughput, active hosts, flows, and ongoing alerts. This information was previously placed at the bottom of every page so it was difficult to access it and a lot of scrolling …
ntopng

Active Monitoring in ntopng 4.0: ICMP, ICMPv6, HTTP and HTTPS pings with RTT
The latest stable ntopng 4.0 features a Round Trip Time (RTT) monitor which is capable of pinging hosts on a minute-by-minute basis to check: IP reachability with ICMP and ICMPv6 pings Web servers functionality with HTTP and HTTPS pings Checks account for the RTT, that is, the time it takes to reach a certain host and receive a response from it. ntopng shows all the RTT-monitored hosts under the System Interface   For each monitored host ntopng offers the following information The full URL of the monitored host. The URL …
Announce

Introducing ntopng for MacOS. Finally.
For a long time out MacOS users asked a native ntopng package. Even though we use MacOS and Linux to develop our tools, we didn’t consider important to revamp the MacOS installer (ntopng 1.x has a native MacOS installer) as there are solutions such as brew.sh that allow you to install packages. However such tools are not for all Mac users who not necessarily like to use the command line. Thus we have created a native package that installs in one click all the required components (e.g. Redis) needed by …
ntopng

Extending ntopng by Means of Plugins: A Step-by-Step Tutorial
ntopng v4 has introduced the concept of plugins that are short scripts written in Lua. They allow people to code ntopng extensions for triggering alerts when specific conditions are met, or extend the engine by adding new external data feeds. Possibilities are manyfold. In the next ntopng release we want to simplify the addition of new plugins as well create a public repository for adding them with a matter of clicks. This video tutorial is a step-by-step lesson that shows you how ntopng plugins can be developed. Enjoy! …
Announce

You’re invited to the ntop Virtual Meetup: April 2nd
This is to invite you to join or webinar about ntopng v4. We want to introduce you to the new application features, and assist you with first time installation. This will also be the right time to meet with out community and hear your feedback. We hope this to be just the first meetup. Meetup Slides Meetup Notes ntopng 4.0 – What’s New …
ntop

Say Hello To ntopng 4.0: Cybersecurity, Scripting… and a New User Interface
After over one year of work, we’re proud to announce you that ntopng 4.0 is finally out. In this time we have redesigned ntopng for speed and openness, by breaking apart the existing monolithic C++ engine into a Lua-scriptable micro-engine. This is to enable people to contribute to the project without them being scared of coding in C++. The major breakthroughs we have brought with this release are: A plugin engine that allows anyone with some basic Lua coding skills to tap straight into every single flow, host, or other …
n2n

Introducing n2n 2.6 with AES Encryption
This is to introduce you the latest n2n 2.6 stable release. This is mostly a maintenance release to address the issues of 2.4 that has been the first release since a long time of silence. The main features are AES encryption that features an overall speed bump (12x speed) and security with respect to twofish used in the previous n2n version. Extensive Windows and OpenWRT support. Full peer-to-peer topology support. Stable and more resilient connection. Below you can find the complete changelog.. Enjoy!   Changelog – Add ability to specify …
nProbe

Introducing nProbe 9.0: Traffic Behaviour Analysis and High Speed Flow Collection (Even Behind a Firewall)
This is to introduce nProbe 9.0 stable release whose the two main features are traffic behaviour analysis and high speed flow collection. Traffic Behaviour Analysis When in 2002 nProbe™ development started, the idea was to create a drop-in replacement for physical probes present in routers. Later the advent of IPFIX pushed the monitoring community towards standardisation of flow exports, and promoted interoperability across probes and collectors. Then the market started to ask solutions for visibility (and not just traffic accounting), and we developed nDPI™ for going beyond port and protocols …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe