ntop believes that the future of traffic monitoring and network security will be played by the ability to inspect the behaviour of encrypted communications. It is fortunate that Sam Bocetta accepted to talk about encryption. Sam is a freelance journalist specializing in US diplomacy and national security, with emphasis on technology trends in cyberwarfare, cyberdefense, […]
nProbe Cento 1.10 is Out
After nDPI v3 release, today we have rolled out an incremental update of nProbe Cento. In addition to fixing a few issues, we introduce in Cento some of the fingerprints implemented by nDPI so that we can move forward in combining security with network metrics. In the coming weeks we’ll benchmark this new release and […]
Introducing nDPI v3: Encrypted/Malware Traffic Analysis with Ease
Those who though that DPI died with the advent of traffic encryption should play with nDPI v3 that we’re introducing today. As already discussed, the pervasive use of encrypted traffic requires a new mindset when analysing network traffic. We decided to enhance nDPI adding the best traffic analysis techniques available today, in particular Cisco Joy, […]
How Encryption Changed Network Traffic (Monitoring). Finally.
For years traffic monitoring tools assumed traffic was in clear text. This because when the Internet was created all the main protocols such as DNS, HTTP, SMTP, Telnet, POP were in clear. With this practice it was easy to report let’s say the breakdown of DNS response codes, or detect force brute attacks on HTTP […]
Using RFC8520 (MUD) to Enforce Hosts Traffic Policies in ntopng
RFC8520 (Manufacturer Usage Description) specifies what is the intended (from the manufacturer standpoint) network behaviour of a network device. Being it defined in JSON format by the device manufacturer, it can be used for simple single-task devices such as a printer or an access-point where the device communications are simple and well defined. Typically a […]
Packets vs eBPF/System Events: Positioning nProbe vs nProbe Agent
nProbe (and ntopng) is a traditional packet-based application, whose lifecycle is Capture a packet and dissect/decode it Update the representation in memory of the network traffic (e.g. the flow table) Export the information Using packets for traffic analysis has several positive things including: Ability to analyse traffic using a port mirror/TAP without installing and agent […]
New Challenges in DPI Protocol Detection
In the early Internet days, each network protocol was designed for a specific purpose: SMTP for sending emails, HTTP for the web and so on. In order to make sure that implementations where compliant with the specification, there was an RFC per protocol describing it. If a connection was starting with a protocol, let’s say […]
Introducing nProbe Agent: Packetless, System-Introspected Network Visibility
A few months ago at FOSDEM we introduced the concept of network and container visibility through system introspection and we released an opensource library based on eBPF that can be used for this scope. Based on this technology, we created a lightweight probe, nProbe™ Agent (formerly known ad nProbe mini), able to detect, count and measure all network activities […]
Talking about Network, Service, and Container Monitoring at InfluxDays
Later this week the ntop team will attend InfluxDays, June 13-14, London, UK. We’ll be talking about traffic monitoring in containerised environments, and give you an outlook of our roadmap. If you are attending this event (we’ll have a booth at InfluxDays), or if you live in London and want to meet us, please […]
Released nProbe Cento 1.8
This is to announce the release of nProbe Cento 1.8 stable release. This is a maintenance release where we have made many reliability fixes and added new options to integrate this tool with the latest ntopng developments. We suggest all our users to update to this new release so you can benefit from the enhancements. […]