Author: admin

  • Home
  • Articles by: admin
nProbe

HowTo Configure Flow Collection in nProbe and ntopng
In flow (sFlow/NetFlow/IPFIX) collection, nProbe acts as a “flow processor” for ntopng . nProbe is responsible for sending ntopng flows after they have been processed that includes Probe mode. nProbe captures network packets that are converted into flows that are then exported to ntopng. Collection mode. nProbe collects flows produced by a probe such as a router. Flow normalization that is the process of converting flows on a format that ntopng can understand. This happens if flow exporter devices (e.g. a router) use custom information elements. In addition nProbe takes care …
ntop

Using ntopng to Improve Corporate Security
Today we report how ntopng has been used by Alabus AG to improve the corporate security (German version down this page). Enjoy ! PS. ntop users are very welcome to contact us reporting how they use ntop tools. ntop is used as a basis for analyzing the entire network traffic and it generates a very large number of daily alerts, which are caused by known and unknown anomalies and then it historizes all network flow data for possible later forensics. As an SME, we do not have the necessary resources …
ntop

Call for Presentations for ntopConference 2025 is Now Open
Next year the ntop community will meet in Zürich, Switzerland  for a two days event (training and conference) on May 7 and 8th. As already happened in the past, we want to meet our users and discuss with them what we have done and what are the future directions to take. This event will not happen without our community hence we are looking for speakers willing to present  interesting use cases, solutions, challenges, report experiences or anything that is relevant for our community. We have selected Zürich as location in …
nDPI

How First Packet Classification (FPC) Works in nDPI
Starting with nDPI 4.10, we have introduced a new feature called First Packet Classification (FPC). Goal of this technique is to address one problem of DPI that detects a protocol only when traffic has been dissected. This means that for TLS you need a few packets (usually between 5 and 10) for protocol dissection, as nDPI has to wait until TLS handshake packets are exchanged. This can be a problem in particular when DPI is used with inline traffic (e.g. on a IPS) as the decision about the application protocol …
ntop

Announcing ntop Professional Training: October 2024
ntop tools range from packet capture, traffic analysis and processing, and sometimes it is not easy to keep up on product updates as well master all the tools. This has been the driving force for organising ntop professional training. This is to announce that in October we have scheduled the next ntop Professional Training session. It will take place online (Microsoft Teams) on 15th, 17th, 22nd, 24th, 29th, 31st of October, 2024 at 3.00 PM CET (9.00 AM EDT). Training will be held in English language and each session lasts …
ntopng

How Historical Flows Replay Works
ntop users who have enabled ClickHouse, know that they can search/aggregate/export historical flows and create customized reports. However, in the past months some of our users were uncomfortable of this approach as they preferred to seamlessly analyze historical as live data with the full power of ntopng. In the latest ntopng version we have added a new “play” button shown in the picture below. In order to use this new feature, you need to: Select the time span you are interested in (e.g. the last hour) Optionally you can set …
ntopng

Say Hello to ntopng 6.2: Mitre Att&ck, -60% Memory Usage, Historical Flows Replay, Revamped UI, Remediations, Cloud
We’re happy to announce ntopng 6.2, a 10 months long development cycle. We have changed a few things in the UI and under the hood. Many pages as the flow page have been rewritten from scratch for responsiveness and usability Mitre Att&ck has been integrated in alerts, flow risks and  dashboards.As you can see we now have implemented a remediation column that shows you some remediation actions to avoid specific issues to appear again in the future. ntopng 6.2 uses -60% of memory woth respect to 6.0 as already discussed …
nProbe

Released nProbe 10.6: Reworked GTP support, Improved Kafka/ZMQ Export, Several Fixes
This is to announce the release of nProbe 10.6 that includes many changes in a couple of selected areas: Mobile traffic analysis (GTPv1 and GTPv2) and GTP-C/GTP-U correlation has been rewritten to support complexity of modern mobile networks.  nProbe is now more friendly when talking ZMQ/Kafka (hence with ntopng) as it can report various statistics and export of specific information elements has been optimised to improve performance. In addition nProbe supports the latest nDPI version that has been optimised in memory and that features almost 500 application protocols, that is …
nDPI

Released nDPI 4.10: 421 Protocols, 55 Flow Risks, Several Improvements, Getting Ready for FPC
This is to announce the release of nDPI 4.10. This release adds many improvements and new detected protocols. For this reason future releases will be scheduled more often on a 4 or 6 months (hard) basis in order to provide you constant updates on a predictable timeframe, Beside adding many dissectors, this release paves the way towards First Packet Classification (FPC) that is an attempt (for selected protocols) to detect the application protocol DPI at the first packet of a connection. Of course this is a challenge, and it won’t …
nDPI

Positioning ntopng vs nProbe for Traffic Analysis
Recently we have compared the use of nDPI in a realtime application (ntopng) and a near-realtime (nProbe). We have captured a short pcap with some mixed traffic and analysed it with both applications. The expectation was to find comparable results between the two applications, but this happened only partially. This blog posts explains the main differences between the two tools and why there are some discrepancies in results. In our tests, we have configured both nProbe and ntopng to analyze the same pcap and write results on two different ClickHouse …
ntopng

HowTo Extend ntopng with new Host/Flow Checks and Alerts
ntopng can be easily extended with new host/flow checks and alerts. They are developed in C++ with a few Lua files used by the UI to configure the check and format the emitted alerts. In order to introduce you to thir development, we have written a short guide that shows you step-by-step how to develop a simple check and alert. If you want you can see a code example of host check that rtiggers an alert when a server contacted a new port after a learning period. If you have …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe