This is a report from one of our users from the field, who decided to use ntopng to monitor a large network. Many thanks to Bjorn for sharing this information with our community. Our network Jessa Ziekenhuis is one … Continue reading
Howto use Kafka (instead of ZMQ) For Reliable Flow Collection and IPC
Historically, we have used ZMQ for interconnecting nProbe to ntopng, as this is a fast and simple messaging system. However one of they key advantage of ZMQ of being broker-less is sometime a problem. In case of maintenance, traffic peaks, … Continue reading
ntop Professional Training: November 2022
ntop tools are continuously evolving and getting extended in order to take into account new requirements. Every new release adds many new features that needs to be mastered. In addition to this, new users demand professional training to quickly learn … Continue reading
Malware Traffic Analysis in ntopng
ntop users have started to use our tools for malware analysis as contrary to packet sniffers or text-based security tools, ntopng comes with a web interface that simplifies the analysis. For this reason we have recently: Added the ability to … Continue reading
Using Blacklists to Catch Malware Communications Using ntopng
A category list is a control mechanism used to label traffic according to a category. In nDPI, the traffic classification engine on top of which ntop applications are built, there are various categories including (but not limited to) mining malware … Continue reading
Traffic Monitoring and Enforcement for ISPs and Service Providers
Last week we have talked at ITNOG6 where we presented a report of the lessons learnt while monitoring ISP and service providers networks. This work is the result of one year of activities carried on with some of our users … Continue reading
HowTo Use ntopng for Pcap Analysis
Many times traffic analysts receive pcap files containing some traffic to analyse. The usual steps for analysing the pcap file with ntopng have been for a long time: Save the pcap file to disk and upload it to the host … Continue reading
Introducing nTap: a Virtual Tap for Monitoring and Cybersecurity (including Wireshark, Suricata, Zeek, OpenvSwitch)
This is to announce a new product named nTap that implements a software tap, to be used in physical and virtual/containerised environments. Using nTap with ntop applications nTap with Third Party Applications nTap allows you to capture and deliver … Continue reading
HowTo Implement Flow Relay, Replication and Fanout with nProbe
Sometimes flow (sFlow/NetFlow/IPFIX) collection can become a complicated activity when you need to: Collect, on your private network, flows originated by devices with a public IP. Migrate your infrastructure to nProbe/ntopng while sending flows to both nProbe and your legacy … Continue reading
HowTo Select the Right Network Adapter for Traffic Monitoring and Cybersecurity
Since the introduction of PF_RING ZC drivers for Mellanox/NVIDIA, and the new family of Intel E810 adapters, the activity of selecting the best, cost-effective adapter, based on the use case and the performance we need to achieve, has become more … Continue reading