FOSDEM is the leading open source conference in Europe and it will take place this week-end in Brussels, Belgium. As we have developed open source software since 20 years, we believe we have right to belong to this community. This year we’ll have a stand on Sunday (Building K – Level 2) and also a […]
Encrypted Traffic Analysis: A Primer
Monitoring encrypted traffic is must for providing visibility in modern traffic. Due to this we’ve put a lot of energy in extending nDPI so that it could be useful in this context. DPI (deep packet inspection) however is not enough for complete visibility, and thus we have started to add classification techniques and algorithm to […]
Introducing Automatic Package Update in ntopng
One of the most useful features in applications, is the ability to Update the application with a matter of click with no need to move to the terminal console. Instruct the system to update the application as a new version is available. We have realised that many of our users missed this feature in ntopng […]
Rethinking Network Flow Visualisation
Traffic monitoring applications often aggregate traffic in flows, that in essence is a way to divide traffic according to a 5-tuple key (Protocol, IP/port source/destination). Flows are then aggregated for instance according to IP address or protocol, and often represented with timeseries as the one below. What is missing in all this is how the […]
How to use nDPI from CLI to analyse network traffic
Most people use nDPI indirectly being it part of ntopng and many other non-ntop developed tools. However not many people know that nDPI can also be used from the command line to analyse network traffic. This is useful to create scripts to automate detection of specific issues. ndpiReader is a testing tool used to demonstrate […]
Exploring Physical Network Topologies Using ntopng
ntop tools are known for monitoring network traffic. However this traffic has to flow on physical networks and thus it is important to understand the physical network layout. LLDP (Link Layer Discovery Protocol) is a network protocol used to dynamically build network topologies and identify network device neighbours. In the latest ntopng dev build (that […]
Spotting Plaintext Information in Network Protocols
In short: encryption does not always mean that all the information exchanged is really encrypted. Another myth is that many people believe that the equation “encryption = security” holds. Unfortunately this is not true. This slide deck we presented at Sharkfest Europe 19 shows in practical terms what information is sent in clear text in popular […]
Packet-less traffic analysis using Wireshark and libebpfflow
If you wonder how you can use Wireshark with containers, you now have a solution. This week we have presented at Sharkfest EU 2019 how we have integrated libebpfflow, our home-grown eBPF-based library for system introspection, with Wireshark. Thanks to our work it is now possible to analyse traffic in containerised environments with just a […]
ntopng & Suricata: Unifying Visibility with Security
This week we have presented at Suricon 2019 our work about unifying ntopng with Suricata. https://youtu.be/g7NFjeSQG0c In short: Suricata is a great tool for analysing individual flows but It lacks a GUI It is blind to security threats when they use non-standard ports It is mostly blind to encrypted traffic It does not provide a […]
New Directions in Network Traffic Security: Homework for 2020
Summary With today’s traffic, most network IDSs (NIDS) have severe limitations in terms of visibility and ability to be easily circumvented by malware (for instance running a known service on a non-default port or the other way round), and thus need to be used together with traffic analysis applications to produce a comprehensive view of […]