Author: admin

  • Home
  • Articles by: admin
nProbe

ntop and Kentik bring nProbe to the Cloud
Traditionally nProbe is used as a host-based network monitoring probe able to produce “augmented” flow records including performance monitoring, security and visibility information. We have a common vision with Kentik of how network instrumentation needs to evolve beyond “just” bytes and packets-based NetFlow, and of how that can enable users to understand network performance and security challenges. This year, we entered a partnership with Kentik to leverage nProbe to export rich network metrics to the Kentik Detect big data network analytics cloud platform, and we’re proud to announce the first …
Announce

You’re Invited to the ntop Users Meeting and (free) Tutorial
Earlier this year we have held a ntop meetup in USA. Now we want to invite you to attend the ntop users meeting that will take place on October 17th (2 PM-5 PM), during the SharkFest Europe 2016 conference. The idea is to meet the ntop community, present our tools, highlight future work items and teach you how to master our tools. The ntop core team will be present at the event, and we would like to meet our users in person as we need to learn what are the things we …
nProbe

Flow-based Monitoring: nProbe Cento vs Standard/Pro
Since the introduction of nProbe Cento, we receive periodically emails of users wondering what are the differences between these two applications. This post is to clarify the differences, and better position them. The nProbe family is a set of flow-oriented applications, meaning that each packet is not handled individually but as part of a flow (e.g. a TCP connection or a UDP communication such as a VoIP call). This task is significantly more expensive than handling packets individually because we need both to keep the flow state and process packets in …
ntopng

ntopng 2.6 Roadmap
As we have released 2.4, it is now time to plan for the next release and highlight the list of features we plan to implement so we can start a discussion and get some feedback. The major changes we would like to introduce include: Rework interface views to make them more efficient and not an expecting as they are today. Add full support for sFlow/NetFlow so that we can keep per interface statistics as many other collectors do. Introduce some “enterprise-oriented” features such as per-AuthononousSystem statistics and traffic accounting, qcreate …
Guides

Best Practices for Efficiently Running ntopng
The default ntopng configuration, is suitable for most of our users who deploy it on a home network or small enterprise network (typically a /24 network) with link speed <= 100 Mbit. This does NOT mean that ntopng cannot operate on faster/larger networks, but that it cannot be used without any configuration. The first thing to modify are the -x/-X settings. You need to set them to double the max size you expect on your network. Example if you expect to have (including both local and remote hosts) at most …
ntopng

Announcing ntopng 2.4: Efficiency is Beauty
At ntop we are on a mission to develop enterprise-grade networking software, mostly open-source, and free of charge for no-profit/research organizations. Since our inception, we have been passionately and resiliently developing software to allow our users to monitor, protect, and preserve their network infrastructure. And we have been doing this in a relentless pursuit for the best and most efficient solution. We know that in the big-data era it is becoming increasingly easy to “add an extra appliance” — after all, it’s not that expensive — but this is not at the heart of our …
nProbe

Introducing nProbe Cento: a 1/10/40/100 Gbit NetFlow/IPFIX Probe, Traffic Classifier, and Packet Shunter
Traditionally ntop has focused on passive traffic analysis. However we have realized that the traffic monitoring world has changed and looking at network flows is no longer enough: People want to enforce policies: if the network is hit by a security threat you need to stop it, without having to tweak with router ACLs or deploying yet another box to carry on this task. Combine visibility with security: flow-based analysis has to be combined with traffic introspection, activities that tools like Bro, Suricata and Snort do. Unfortunately these applications are CPU-bound so, in order to boost …
nProbe

Introducing nProbe 7.4
This to announce the release of nProbe 7.4. We have worked hard in this version to improve it in several way by better integrating it with ntopng, improving network performance metrics computation, ability to export data to big-data systems, make VoIP quality metrics more reliable. However the bigger innovation in this release is the probe scriptability using Lua (see the nProbe User’s Guide for all details). You can now perform actions on flows (e.g. if you see a DNS query for host www.ntop.org then execute action X) and start moving …
Guides

Tweaking MySQL to Improve ntopng Flows Storage Space Usage
Edit: MySQL tables engine has been migrated to MyISAM in ntopng 2.4 so this post only applies for versions <= 2.3. This is the first post that tries to give hints on how to tweak MySQL settings to better accomodate flows exported by ntopng. In particular, in this post it is discussed how to improve disk space usage. Hopefully, a series of posts with tips and tricks on how to improve responsiveness and reduce query time will be published in the future. ntopng  MySQL flow export can be enabled using …
nDPI

Released nDPI 1.8
This is to announce the release of nDPI 1.8. In this version we have updated many protocol dissectors, simplified the API as well started to introduce changes that will be further improved in future versions. As usual we have changed many protocols dissectors. The whole changelog can be found below. Many thanks to all contributors! Changelog Recoded DNS and QUIC dissectors Code passed checks of static code analysers Added API wrappers (to be used in apps using nDPI) for substring-search ndpi_init_automa() ndpi_free_automa() ndpi_add_string_to_automa() ndpi_finalize_automa() ndpi_match_string() set_ndpi_malloc() set_ndpi_free() Added new ndpi_detection_giveup() …
News

Learn more about ntopng at RIPE72
This week we will attend the RIPE 72 meeting in Copenhagen, DK. Thanks to Martin Winter (co-founder of NetDEF) we will  speak about ntopng at two events on Thursday, May 26th: At 11AM we will introduce ntopng at the Open Source Working Group. At 3PM in room “Akvariet 2” we will run a two hours tutorial about ntopng and current/future ongoing developments we are carrying on. These events would be a good time for learning more about our tools, and for discussing extensions, future work items, issues you would like …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe