Author: admin

  • Home
  • Articles by: admin
nDPI

How to Enhance Wireshark with DPI, latency measurement and more
This week at Sharkfest US 17, we have presented the ntop contributions to wireshark. In particular: How to use nDPI to complement Wireshark traffic classification How to remote capture on a remote box at 10/401/100 Gbit and stream traffic securely to wireshark via SSH Same as above but extracting packets from TBytes (of pcaps)  using pcap indexes How to turn wireshark into a traffic monitoring tool able to measure traffic and network latency. For those who have not attended the session (recording will appear soon on the sharkfest web site), …
ntopng

Integrating ntopng with Grafana
Last week the NYC Metrics and Monitoring meetup invited ntop to give a talk. The topic was how to open ntopng so that it can become a gateway for producing network metrics that could be used by popular applications and frameworks such as Snap-io, Prometheus or Influx. The first result of this activity is the integration of ntopng with Grafana that we plan to complete in July. Here you can see the presentation slides  where you can have an idea of the work we’re doing. If you are interested in using …
nProbe

Introducing nProbe 8.0, the ntopng flow companion
The current nProbe 8.0 release contains many changes with respect to the 7.x series. We have optimised the code, added the ability to collect non standard fields (e.g. Cisco AVC), improved Kafka export, and reworked many tiny details to make the tool a stable solution for all those looking for a flexible and versatile flow probe and collector. For all those interested in the whole changelog, below you can find the main changes we have implemented in the past months. In summary we have made nProbe better adding new extensions, …
ntopng

Introducing ntopng 3.0
If you have enjoyed ntopng 2.x, we believe you will like 3.0 even more as we have worked for almost one year to this release. We have modified many things, improved security in ntopng (in the cybersecurity days this is the least we could do), added layer 2 visibility, improved metrics calculations, added alerts support (even on the go), improved significantly the Windows version (yes Win 10 is supported out of the box), improved performance, reworked the GUI in many aspects, improved significantly the inline traffic mode, improved FreeBSD support. As …
nDPI

Say hello to nDPI 2.0 (with wireshark integration)
nDPI 2.0 is a major release that: Consolidates the API, in particular for guessing new protocols or notifying nDPI that for a given flow there are no more packets to dissect. Introduces nDPI support into Wireshark by means of a lua script and extcap plugin. Available via an extcap interface, the plugin sends Wireshark the nDPI-detected protocols by adding an ethernet packet trailer that is then interpreted and displayed inside the Wireshark GUI using the companion lua script. If you’re planning to attend the Sharkfest US 2017, we will present …
cento

Webinar: Security Monitoring with 1:1 NetFlow and 100% Packet Capture
Latest news: Napatech has decided to reschedule the webinar. A new date will be announced when available. Thu May 23rd and 25th together with Napatech we have organised two webinars about monitoring network traffic using flow-based technologies. We will be talking about 100 Gbit network traffic monitoring. Flow-based monitoring including nProbe Cento. 100% packet capture with no loss combining Napatech NICs and PF_RING ZC You can register here to save your seat.  Hope that many of our users will attend these webinars. …
ntopng

Detecting and Fighting Ransomware Using ntopng (yes including WannaCry)
These days many people are talking about ransomware and in particular of the problems created by WannaCry. Some ntop users contacted us asking if they could use our tools for detecting and stopping ransomware. While the best solution to these issues is to properly implement network security (that is a process, not a product in our opinion) by designing the network properly and keeping hosts updated,  it is usually possible to use ntopng to detect infections, block most of them, and have a list of hosts that might have been …
ntopng

Monitoring Network Devices with ntopng and SNMP
Summary SNMP is widely used for network monitoring. Being able to remotely monitor network devices is fundamental to have a clear picture of present and past network health. ntopng systematically interacts with SNMP devices to provide historical and real-time insights on the network. ntopng SNMP support Simple Network Management Protocol (SNMP) is one of the de-facto standards used to remotely monitor network devices such as routers, switches and servers, just to name a few. With ntopng Enterprise it is possible to consistently and programmatically interact with those devices to have a real-time view …
ntop

Monitoring IoT and Fog Computing: Challenges and Solutions
Since last year we are designing a solution for monitoring IoT and Fog computing devices. This is becoming a hot argument since they are more and more used to create large Internet attacks and also because our privacy can be affected by this new computing trend. While we do not have a complete solution ready, we have some preliminary results and lessons learnt that are worth to be shared with our community. This is a presentation we created on this subject and that has been shown at the Wurth-Phoenix Roadshow (BTW …
ntopng

Network Security Analysis Using ntopng
Most security-oriented traffic analysts rely on IDSs such as Bro or Suricata for network security. While we believe that they are good solutions, we have a different opinion on this subject. In fact we believe that it is possible to use network traffic monitoring tools like ntopng to spot many security issues that would make and IDS too complex/heavy to use (if possible at all). What many of our users are asking, is the ability to highlight possible scenarios where there is a potential security issue to be analysed more in …
PF_RING

Capture, Filter, Extract Traffic using Wireshark and PF_RING
Last year we introduced our new nBPF library able to: 1. Convert a BPF filter to hardware rules for offloading traffic filtering to the network card, making it possible to analyse traffic at 100G. 2. Accelerate traffic extraction from an indexed dump set produced by n2disk, our traffic recording application able to produce multiple PCAP files together with an index. Along with that library we released a tool n2if, able to create virtual interfaces to be used in Wireshark for implementing line-rate hardware packet filtering at 100G with Wireshark and filtering terabytes …
Guides

Filling the Pipe: Exporting ntopng Flows to Logstash
Logstash comes in very handy when it is necessary to manipulate or augment data before the actual consolidation. Typical examples of augmentation include IP address to customer ID mappings and geolocation, just to name a few. ntopng natively supports network flows export to Logstash. The following video tutorial demonstrates this feature. …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe