Author: admin

ntopng

9 Reasons You Should Use Ntopng on Your Raspberry Pi

This XDA article has published an interesting article about ntopng on rPI. In particular: Learn and experiment with networking It’s a low-power solution It integrates with other network tools (e.g. Zabbix or Nagios) Optimize your home network traffic Analyze historical network data Manage bandwidth and QoS settings Capture and analyze network packets (via nDPI) Detect unauthorized devices and threats Check network activity from anywhere Do you agree? Enjoy ! …
ntopng

Using ntopng as Generic Flow Collector (log files, firewall events, MQTT…)

Most users of our community use ntopng as flow (sFlow/NetFlow/IPFIX) collector with ntop tools such as nProbe or nProbe Cento. From time to time we receive inquiries about using it as generic flow collector for instance reading connection information from the firewall, log files/syslog, MQTT, or cloud formats. This blog post shows you howto do that, ntopng can collect information via ZMQ, so the simplest mechanism is to export data on top of this protocol. ntopng accepts two formats implemented by the nDPI serialization library: binary TLV (all versions) JSON …
ntop

Using ntopng for Teaching Network Monitoring and Administration

ntop believes in education, research, and no-profit and for this reason ntop tools have been them offered free of charge. Today we’re pleased to hear how they have helped young students to monitor and administer networks. Enjoy !     Introduction When teaching network monitoring and administration at the University of Applied Sciences in Fribourg (Switzerland), it is essential to provide tools to our bachelor students in computer science that enable them to observe and analyze traffic in real time. ntopng, an open-source network monitoring solution, is an appropriate choice for …
Announce

Short 2025 Roadmap: QoE, AI in Traffic Classification, Distributed Architecture, SuperNICs

As usual, we’re sharing some details about our 2025 roadmap. We have discusses several working items and distilled a few we can pursue in the coming months. QoE (Quality of Experience) In the past few years we have focused on Cybersecurity and now we want to extend our measurements into a new dimension: quality. ntop tools monitor various metrics such as RTT, latency, jitter.. and now we want to combine them with DPI to creare a quality score that will report how good (from the user experience standpoint) the traffic …
Uncategorized

Meet the ntop Team at FOSDEM, Brussels Feb 1-2

As we did in the past, this year we’re organizing the network devroom at FOSDEM that will take place in Brussels next week-end Sat and Sun February 1-2. Most of ntop team will be there and it will be a great to meet our community. This time we will be talking about nDPI and smart NICs. Furthermore it is a pleasure to also host two invited speakers of popular open source projects: Victor Julien the creator of Suricata IDS Gerald Combs the creator of Wireshark Looking forward meeting you at …
Announce

You’re Invited to PacketFest ’25, Zürich 7-9 May: Where ntop and Wireshark Communities Meet

PacketFest ’25 is a two-day (May 8th and 9th) technical conference in Zurich, Switzerland, bringing together the ntop and Wireshark communities. The event features presentations and workshops on network traffic monitoring, cybersecurity, and open-source technologies, with a focus on practical applications and the latest advancements in ntop and Wireshark tools. Attendees can expect interactive sessions, networking opportunities, and expert insights including the creators of ntop and Wireshark. A pre-conference (May 7th) ntop training day is also offered. Registration fees apply, but students and non-profits can attend free of charge. Registration …
Announce

Released nDPI 4.12: Obfuscated/Encrypted/Proxied Traffic and Fingerprints

This is to announce the release of nDPI 4.12, the first version after our 6 months release cycle announced earlier this year. The main changes of this release include support for encrypted/obfuscated/proxied in particular for OpenVPN and TLS, as well support for network fingerprints presented in November at the Sharkfest conference. For all details see the enclosed changelog.   Enjoy ! nDPI 4.12 (Dec 2024) Major Changes Added detection of encrypted/obfuscated OpenVPN flows (#2547, #2560) Added detection of encrypted/obfuscated/proxied TLS flows (#2553) Implemented nDPI TCP fingerprint (https://github.com/ntop/nDPI/commit/6b6dad4fdb2e60cd2887f7d381bcab2387ba9507) For further details …
ntop

How nDPI Introduced Behaviour Analysis in Suricata

Last week we have attended Suricon 2024, the annual conference about Suricata and presented our work on how nDPI has been integrated with Suricata. At ntop we like to contribute to other open source projects we use and like, such as Suricata and Wireshark. One of the main limitations of Suricata is its inability to monitor many protocols (currently the engine supports ~20 protocols compared to 450+ protocols supported by nDPI) and the lack of behaviour analysis that would very well complement Suricata signature-based analysis. These have been the reasons …
Cybersecurity

A Deep Dive Into Traffic Fingerprints

Last week during SharkFest Europe 2024 we have presented what are network fingerprints and how they work. During the talk we (Luca and Ivan) have described how we have extended nDPI with support of network fingerprints, and how this work has been also integrated in Wireshark. We believe that fingerprints are an interesting technology that can help in better understanding the nature of traffic flows, detect inconsistencies on crafted traffic (e.g. a Windows box that pretends to impersonate an iOS device), and of course in cybersecurity. In the coming months …
ntopng

Introducing ntopng Hosts Activity Monitor

Many users requested us a simple way to visualise hosts activity overtime. In essence have the ability to answer questions like: What hosts were active during the week-end When a host is using most of the network. What hosts were active when a certain event happened. This is what hosts activity monitor does. In the dev branch, ntopng has been enhanced with a new menu entry under the hosts page, that shows in a heatmap the activity of local hosts. From the menubar it is possible to specify an arbitrary …
nProbe

How To Implement Packet and Flow Deduplication

Depending on the network topology and configuration, your monitoring tools can receive the same traffic multiple times. This problem is called data duplication. Duplication can happen at packet or flow level: Packet duplication The same packet is received multiple (usually twice) times, either one after the other, or within a short mount of time. Note that this has nothing to do with TCP data retransmission that is a totally different scenario. Flow duplication Two or more flow-devices observe the same traffic, and emit the same flow at the same time. …
Announce

Introducing Centralized License Manager for Dynamic Environments

We continually strive to make the software configuration and management more flexible and easier for the users. To this end, we are excited to announce the launch of a new way of licensing the software feature: the centralised License Manager (LM). This tool simplifies software license management by dynamically allocating licenses to various application instances running within your network. The LM is another option you can use in addition to “traditional” systemId-based licenses that we use today. What is the centralised License Manager? Managing software licenses across multiple instances within …