Author: admin

  • Home
  • Articles by: admin
Announce

Introducing libebpfflow: packet-less network traffic and container visibility based on eBPF
As previewed during our FOSDEM 2019 talk, this is to introduce libebpfflow a new library for enabling network traffic and container visibility based on eBPF. Designed to be CPU and memory friendly (its presence it is almost unnoticeable) , it allows people to inspect network communications inside a system. It provides visibility for processes users containers Built from scratch on eBPF, it allows people to develop monitoring applications and network sensors without having to deal with packets. Sounds strange, but this is the idea: how to monitor networks without looking …
ntopng

Identifying Suspicious Flows: Network Issues or Misbehaving Hosts ?
Starting from the latest 3.9 version, ntopng features and handy dropdown menu that allows you to filter flows on the basis of their current TCP state. Being able to filter flows on the basis of their TCP state is particularly useful as it allows to separate the normal flows from those that are suspicious or symptomatic of certain network issues. For example, one can unveil: Flows that only have a client SYN. This can identify clients attempting to connect to a server that is no longer responding (down?) or misbehaving …
ntopng

How to Detect Malware Hosts and Scanners Using ntopng
Hosts directly connected to the Internet are often contacted by scanners and malware hosts. Since a few releases ntopng integrates a blacklist that is refreshed daily. Whenever a host part of this list contacts your ntopng instance and alert is triggered and displayed in the flow alerts. This feature allows you to see who has contacted you with (usually) bad things in mind. Instead, if you want to see in realtime who blacklisted hosts are contacting you, you can click in the hosts menu and select “Blacklisted Hosts” as shown …
ntopng

Network Traffic Analysis in ntopng (a.k.a. ntopng 2019 Roadmap)
Aut viam inveniam aut faciam, Hannibal 247-182 B.C. For years ntopng has been a solution for collecting, analysing and visualising network traffic, but with a major limitation. It is too rich in data display and reporting that users needs to be experts in know what they are looking for. If not, they will be lost with all the data you can find on the web GUI, that is the opposite of what we tried to do. It is now time to go beyond simple threshold analysis, as currently implemented in …
News

ntop at FOSDEM 2019: eBPF and High-Resolution Metrics
Hi all, this is to invite all of our community to meet the ntop team at FOSDEM 2019, later this week-end. We have two talks scheduled and we’ll be taking about system visibility and high-resolution network monitoring. Below you can find the talk schedule as well the presentation slides we’ll be using for our presentations. Merging packets with system events using eBPF [Sat, 11:40 AM, Slides] Augmented Network Visibility with High-Resolution Metrics [Sun, 9:50 AM, Slides] We would like to meet our community and spend some time with you talking …
Announce

Introducing Ubuntu 18 Support for ntopng Edge (nEdge)
After 6 months from the first nedge announcement, as a response to our customers feedback, nEdge now provides brand new features, like the ability to apply policies based on the device type, the RADIUS integration for captive portal users authentication, the ability to add static routes when running in router mode and the programmatic configuration of users and policies. Today, one of the most requested features is finally ready: the support for Ubuntu 18.04! Ubuntu 18.04 is the new LTS stable release of Ubuntu. It adopts a new environment for …
ntop

Honouring System Default Policies on ntop Packages
Many distributions provide mechanisms to let the system administrator decide if the new installed packages should be enabled and/or started automatically. Previously, the ntop services were always enabled and started automatically after the first package installation, regardless of any system preferences. Now the ntop packages rely on system utilities to properly start, stop and restart services after installation in order to correctly honor system policies. Due to the distribution specific defaults, this is now the default behaviour of the services installed by the ntop packages: Debian/Ubuntu Centos 7 Other Started …
Announce

Welcome to ntopng 3.8 with continuous drill down: packets, flows, activities
We are happy to announce ntopng stable 3.8. The is the core of the next 4.0 release as it integrates new features that will be consolidated in the next release scheduled for spring. The main features include: SQL database-free high-speed traffic indexing based on a new home-grown technology. As explained in this post, we managed to store compressed flow information on disk combined with high-speed retrieval. Just add “-F nindex” to ntopng to start using this new feature, currently available in the ntopng enterprise edition. You can read more here. …
n2disk

Drill Down Deeper: Using ntopng to Zoom In, Filter Out and Go Straight to the Packets
ntopng has grown significantly over the past years, providing an increasingly-interesting set of features to support network analysts and troubleshooters in their decisions. Among the most relevant features, it is worth mentioning that timeseries inspection pages have been redesigned and reworked profoundly to facilitate the drill-down of historical data. Similarly, a home-grown high-speed special-purpose flow database has been seamlessly integrated in ntopng to ease the storage and retrieval of historical flows. However, the circle was not really closed. A piece was missing. Something that could take us down to the …
ntopng

Say hello to nIndex: Personal Big Data System for Network Flows
Being able to store network flows is a very challenging task using generic databases. Networks are becoming faster and faster and, nowadays, flow-based analysis tools should store tens, or even hundreds, of thousands of flows per second, to keep up with SME and enterprise demands. Existing tools, such as relational databases, fail to accomplish this task. Unless you have unlimited resources available, tons of RAM and clusters of machines, chances are your database will choke, quickly becoming too slow to enable queries from being performed in a reasonable time. It was incredible …
ntop

Introducing nDPI 2.6: several new dissectors, DPDK and Hyperscan support
This is to announce the release of nDPI 2.6. Several dissectors have been improved and a few new ones have been added, as well we have improved the detection logic (this in case we have to guess the protocol due to incomplete data). This is also the first release of nDPI that natively supports Intel DPDK and also that improves Intel Hyperscan support. Please find below the complete changelog. Enjoy!   Changelog New Supported Protocols and Services New Bitcoin, Ethereum, ZCash, Monero dissectors all identified as Mining New Signal.org dissector New Nest …
nProbe

Measuring ntopng+nProbe Flow Processing Performance
NOTE: this post is outdated. Latest versions of ntopng and nProbe improve performance significantly. New figures are given in this post. In this post we try to analyze the performance of nProbe and ntopng for the collection of NetFlow. ntopng and nProbe will be broken down into smaller functional units and such units will be analyzed to understand the maximum performance of every single task as well as of the overall collection architecture. The machine used for the analysis is equipped with an 4-core Intel(R) Xeon(R) CPU E3-1230 v5 @ 3.40GHz …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe