One of the most difficult steps on a monitoring deployment scenario is to choose where is the best point where traffic has to be monitored, and what is the best strategy to observe this traffic. The main options are basically: Port Mirroring/Network Tap NetFlow/sFlow Flow Collector Port Mirroring/Network Tap Port mirroring (often called span port) and […]
ntopConf 2019 Retrospective
On May 8-9th we have organised our yearly event, in Padova, Italy. The first day was dedicated to training and the second day to the conference. Overall about 150 people attended the event, and we’re glad of it. Our gratitude goes to the speakers, Wintech that took care of logistics, and to all those that […]
Monitoring Containerised Application Environments with eBPF
Earlier this week ntop and InfluxData held a joint webinar about monitoring containerised applications. We have discussed solution for monitoring both legacy (e.g. non-containerised) and containerised applications, what are the technologies we can use. As most of you know, we have developed libebpfflow that is an open source library for generating IPFIX-like flows not using packets but […]
Detecting Hidden Hosts and Networks on your (shared) LAN
In theory on switched networks each portion of a LAN is independent. This means that for instance that network 192.168.1.0/24 and 192.168.2.0/24 are using different switch ports that communicate through a router, and also that are not sharing the same physical network. Unfortunately sometimes people violate this principle by putting on the same physical port […]
Introducing libebpfflow: packet-less network traffic and container visibility based on eBPF
As previewed during our FOSDEM 2019 talk, this is to introduce libebpfflow a new library for enabling network traffic and container visibility based on eBPF. Designed to be CPU and memory friendly (its presence it is almost unnoticeable) , it allows people to inspect network communications inside a system. It provides visibility for processes users […]
How to Detect Malware Hosts and Scanners Using ntopng
Hosts directly connected to the Internet are often contacted by scanners and malware hosts. Since a few releases ntopng integrates a blacklist that is refreshed daily. Whenever a host part of this list contacts your ntopng instance and alert is triggered and displayed in the flow alerts. This feature allows you to see who has […]
Network Traffic Analysis in ntopng (a.k.a. ntopng 2019 Roadmap)
Aut viam inveniam aut faciam, Hannibal 247-182 B.C. For years ntopng has been a solution for collecting, analysing and visualising network traffic, but with a major limitation. It is too rich in data display and reporting that users needs to be experts in know what they are looking for. If not, they will be lost […]
ntop at FOSDEM 2019: eBPF and High-Resolution Metrics
Hi all, this is to invite all of our community to meet the ntop team at FOSDEM 2019, later this week-end. We have two talks scheduled and we’ll be taking about system visibility and high-resolution network monitoring. Below you can find the talk schedule as well the presentation slides we’ll be using for our presentations. […]
Introducing nDPI 2.6: several new dissectors, DPDK and Hyperscan support
This is to announce the release of nDPI 2.6. Several dissectors have been improved and a few new ones have been added, as well we have improved the detection logic (this in case we have to guess the protocol due to incomplete data). This is also the first release of nDPI that natively supports Intel […]
Use Remote Assistance to Connect to ntopng Instances
A problem same ntop users how to face with, is the ability to remote access a ntopng instance running behind a firewall. This can be solved using a VPN or other means that often require to deploy an additional network service. Some of our ntop users are familiar with n2n, an open source peer-to-peer VPN […]