Author: admin

nDPI

New Challenges in DPI Protocol Detection

In the early Internet days, each network protocol was designed for a specific purpose: SMTP for sending emails, HTTP for the web and so on. To make sure that implementations were compliant with the specification, there was an RFC per protocol describing it. If a connection started with a given protocol, say SMTP, it remained an SMTP connection for its whole duration, meaning that the protocol behind a connection was persistent. That was in the early days. Unfortunately the modern Internet does …
nProbe

Containers and Networks Visibility with ntopng and InfluxDB

For a while we have investigated how to combine system and network monitoring in a simple and effective way. In 2014 we did a few experiments with Sysdig, and recently, thanks to eBPF, we have revamped our work to exploit this technology as well, in order to monitor containerised environments. Months ago we showed how to detect, count and measure the network activity taking place on a certain host just by leveraging certain functionalities of the Linux operating system, without even looking at the traffic …
nProbe

Measuring nProbe ElasticSearch Flow Export Performance

nProbe (via its export plugin) supports ElasticSearch flow export. Setting up nProbe for the ElasticSearch export is a breeze: it boils down to specifying the option --elastic. For example, to export NetFlow flows collected on port 2058 (--collector-port 2058) to an ElasticSearch cluster running on localhost port 9200, one can use the following:
nprobe -i none -n none --collector-port 2058 --elastic "flows;nprobe-%Y.%m.%d;http://localhost:9200/_bulk"
nProbe will take care of pushing a template to ElasticSearch so that IP fields are properly indexed, and will also POST flows in bulk to maximize performance. Recently …
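To make the two pieces of that export concrete (the index template that types IP fields, and the bulk body that carries the flows), here is an added example that is not nProbe's own code. It parses an --elastic value of the form "type;index-pattern;url", expands the strftime directives in the index pattern, builds an index template that maps the IP fields to the ElasticSearch `ip` type (the template layout with mappings keyed by document type is the 6.x one; 7.x drops the type level), and serialises constructed sample flows into the NDJSON body that POST /_bulk expects. The flow field names (IPV4_SRC_ADDR and friends) are assumptions modelled on NetFlow naming, and the sample flows are made up.

```python
import ipaddress
import json
from datetime import datetime

# Fields that must be mapped as ElasticSearch `ip` so that CIDR filters and
# range queries work; names are an assumption modelled on NetFlow element names.
IP_FIELDS = ("IPV4_SRC_ADDR", "IPV4_DST_ADDR")

# Constructed sample flows (documentation prefixes, not captured traffic).
SAMPLE_FLOWS = [
    {"IPV4_SRC_ADDR": "192.0.2.10", "IPV4_DST_ADDR": "198.51.100.7",
     "L4_SRC_PORT": 51514, "L4_DST_PORT": 443, "PROTOCOL": 6,
     "IN_BYTES": 1450, "OUT_BYTES": 9800},
    {"IPV4_SRC_ADDR": "192.0.2.11", "IPV4_DST_ADDR": "198.51.100.8",
     "L4_SRC_PORT": 40022, "L4_DST_PORT": 53, "PROTOCOL": 17,
     "IN_BYTES": 72, "OUT_BYTES": 156},
]


def parse_elastic_option(opt):
    """Split an --elastic value "type;index-pattern;url" into its three parts."""
    parts = opt.split(";")
    if len(parts) != 3:
        raise ValueError("expected type;index-pattern;url, got %r" % opt)
    doc_type, index_pattern, url = parts
    return {"doc_type": doc_type, "index_pattern": index_pattern, "url": url}


def index_name(index_pattern, when):
    """Expand the strftime directives of the pattern for the flow's time."""
    return when.strftime(index_pattern)


def wildcard_pattern(index_pattern):
    """Turn "nprobe-%Y.%m.%d" into "nprobe-*" so one template covers every day.
    Assumes the pattern is a literal prefix followed by date directives."""
    return index_pattern.split("%", 1)[0] + "*"


def ip_field_template(doc_type, index_pattern):
    """Index template body (PUT /_template/<name>) mapping IP fields to type ip.
    Mappings are keyed by doc type, i.e. the ElasticSearch 6.x layout."""
    return {
        "index_patterns": [wildcard_pattern(index_pattern)],
        "mappings": {doc_type: {"properties": {f: {"type": "ip"} for f in IP_FIELDS}}},
    }


def check_ip_fields(flow):
    """Reject a record whose IP fields would not parse as addresses. A bad
    document inside a bulk body fails only that item, and only the per-item
    status in the response tells you, so validate before sending."""
    for field in IP_FIELDS:
        ipaddress.ip_address(flow[field])   # raises ValueError on garbage
    return True


def bulk_body(doc_type, index, flows):
    """NDJSON body for POST /_bulk: one action line per flow followed by the
    document itself. The body must end with a newline or ES rejects it."""
    lines = []
    for flow in flows:
        check_ip_fields(flow)
        lines.append(json.dumps({"index": {"_index": index, "_type": doc_type}}))
        lines.append(json.dumps(flow, separators=(",", ":")))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    cfg = parse_elastic_option("flows;nprobe-%Y.%m.%d;http://localhost:9200/_bulk")
    idx = index_name(cfg["index_pattern"], datetime(2019, 6, 1))
    print(json.dumps(ip_field_template(cfg["doc_type"], cfg["index_pattern"]), indent=2))
    print(bulk_body(cfg["doc_type"], idx, SAMPLE_FLOWS))
```

The template goes to the cluster once, before the first bulk POST, because a field that has already been dynamically mapped as a keyword cannot be retyped to `ip` without reindexing; that is why a probe pushes the template first.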
ntop

System-Introspected Network and Container Visibility: A Quick Start Guide

Recently, we introduced the concept of network and container visibility through system introspection and demonstrated its feasibility with an open source library, libebpfflow. In other words, by leveraging certain functionalities of the Linux operating system, we are able to detect, count and measure the network activity taking place on a certain host. We have published a paper and also presented the work at FOSDEM 2019, so a detailed discussion falls outside the scope of this post. However, we would like to recall the information we …
ntop

Introducing nProbe Agent: Packetless, System-Introspected Network Visibility

A few months ago at FOSDEM we introduced the concept of network and container visibility through system introspection and released an open source library based on eBPF that can be used for this purpose. Based on this technology, we created a lightweight probe, nProbe™ Agent (formerly known as nProbe mini), able to detect, count and measure all network activity taking place on the host where it runs. Thanks to this agent it is possible to enrich the information extracted by a traditional probe from network traffic packets with system data such as users …
ntop

Talking about Network, Service, and Container Monitoring at InfluxDays

Later this week the ntop team will attend InfluxDays, June 13-14, London, UK. We'll be talking about traffic monitoring in containerised environments and give you an outlook on our roadmap. If you are attending this event (we'll have a booth at InfluxDays), or if you live in London and want to meet us, please stop by at the event or contact us so we can arrange an informal meeting and hear from you. We need feedback from our users so that together we can plan the future of ntop. Hope …
cento

Released nProbe Cento 1.8

This is to announce the stable release of nProbe Cento 1.8. This is a maintenance release where we made many reliability fixes and added new options to integrate this tool with the latest ntopng developments. We suggest that all our users update to this release to benefit from the enhancements.
New Features
Added --json-labels option to print labels as keys with JSON
Added --tcp : option to export JSON over TCP
Added --disable-l7-protocol-guess option to disable nDPI protocol guess
Support for ZMQ flows export …
nDPI

TLS/SSL Analysis: When Encryption and Safety Are Not Alike

Most people think that SSL means safety. While this is not a false statement, you should not take it for granted. Your web browser warns you when an encrypted communication has issues (for instance, the SSL certificate doesn't match the host), but you should not assume that SSL = HTTPS, as:
TLS/SSL encryption is (fortunately) becoming pervasive also for non web-based communications.
The web browser can warn you about the main URL, but you should look into the browser developer console for other alerts (most people ignore the existence …
News

Telemetry Data in ntopng: Giving Back to the Community

The latest ntopng 3.9 dev gives you the possibility to choose whether to send telemetry data back to ntop. We collect and analyze telemetry data to diagnose ntopng issues and make sure it’s functioning properly. In other words, telemetry data help us in finding and fixing certain bugs that may affect certain versions of ntopng. And don’t worry, we won’t use any data to try and identify you. However, if you want to, you can decide to provide an email address we can use to reach you in case we …
nProbe

Packets vs Flows: Which Option is the Best?

One of the most difficult steps in a monitoring deployment is choosing the best point at which traffic has to be monitored, and the best strategy to observe it. The main options are basically:
Port Mirroring/Network Tap
NetFlow/sFlow
Flow Collector
Port Mirroring/Network Tap
Port mirroring (often called a SPAN port) and network taps have already been covered in a previous post. They are two techniques used to provide packet access and are often the best way to troubleshoot network issues, as packets are often perceived as the …
ntop

ntopConf 2019 Retrospective

On May 8-9 we organised our yearly event in Padova, Italy. The first day was dedicated to training and the second to the conference. Overall about 150 people attended the event, and we're glad of it. Our gratitude goes to the speakers, to Wintech, which took care of logistics, and to all those who made this event a success. Below you can find the presentation slides used during the conference.
Roberto Pezzile, Mirco Cailotto: Using ntop as a Layer 7 monitoring tool for full-outsourcing services [IT]
Luca …
ntop

Monitoring Containerised Application Environments with eBPF

Earlier this week ntop and InfluxData held a joint webinar about monitoring containerised applications. We discussed solutions for monitoring both legacy (i.e. non-containerised) and containerised applications, and the technologies we can use for that. As most of you know, we have developed libebpfflow, an open source library that generates IPFIX-like flows not from packets but from system events captured with eBPF. In addition to this, we are developing a new version of the nProbe product family that is also able to exploit Netlink to complement eBPF statistics with traffic counters. …