Author: admin

  • Home
  • Articles by: admin
Guides

How to Analyse MikroTik Traffic Using ntopng
MikroTik routers are pretty popular in particular in the wireless community and many users of the original ntop are familiar with it. With the advent of ntopng, we have decided to avoid natively supporting netflow in ntopng due to the many “dialects” a of the protocol and leave to nProbe the task to do the conversion of flows onto something ntopng can understand. For this reason the workflow is the one depicted below: The first thing to do is to configure NetFlow (both v5 and v9 are used) on the MikroTik that cane …
nProbe

Advanced Flow Collection with ntopng and nProbe
In flow-based monitoring there are two main components: the probe (a.k.a. flow exporter) and the flow collector/analyser. Usually NetFlow/sFlow is a push mode paradigm as network devices have almost no memory/storage and thus they send out data as soon as possible towards a collector. This architecture is suboptimal as the probe is pushing the same data to all collectors (i.e. collector X cannot tell the probe that it is interested only to HTTP-based flows, but it has to collect everything and discard un-needed information) and also because in case a new collector …
nProbe

How to Build a 100$/€ “Augmented” NetFlow/IPFIX Probe
One of main problems of flow-based devices is their high cost or poor monitoring capabilities (nothing beyond IPv4 packets and bytes). At ntop we believe that network visibility is much more than this, as people in 2016 want application performance, deep packet inspection, export to big data system and much more. We’re experimenting with low-cost hardware devices since a long time but we finding a powerful yet cheap device with  embedded port mirror capability isn’t that simple (or cheap). Finally we have found a solution for families and small business who want to …
Features

Exploring Historical Data Using ntopng: Part 2
ntopng is able to deliver monitored traffic flows data to a MySQL server. We have already discussed how to configure ntopng to deliver this data in another blog post. In this article we discuss the new features that allow you to dig deep into the flows dumped to MySQL using the ntopng web GUI. Earlier ntopng releases didn’t allow for thorough historical analyses and were only giving access to recorded flows and providing limited sorting features. With the advances made in the latest ntopng Pro Small Business it is possible to drill-down historical …
Guides

Monitoring BitTorrent Traffic with ntopng
ntopng has been designed not just for network administrators, but also for small companies and in particular for families. How often you have seen traffic on your network that you did not expect and you asked yourself what was that about. A good example is BitTorrent traffic that can be used for efficiently downloading files and not just for copyright-protected content (unfortunately this is how this protocol is usually perceived by the network community). If you are wondering what your colleagues/children are downloading using BitTorrent, now ntopng can help you. In the latest …
ntopng

Using nfsen-like Traffic Profiles in ntopng
One of the great features of nfsen is the ability to specify filters for identifying specific traffic and thus aggregate and graph it. In ntopng we aggregate traffic per host and networks. However sometimes you want to aggregate using other criteria. Examples include: Traffic from host A to host B VPN traffic sent from host X to concentrator Y Facebook traffic sent from iPad 192.168.13.4 ntopng web traffic In order to implement these measurements, in ntopng we have introduced the concept of network profiles. Each profile is defined using the “Traffic …
nProbe

Towards 100-Gbit Flow-Based Network Monitoring
Last week we have previewed at FlowCon 2016 conference our new 100 Gbit probe called nProbe cento (cento is 100 in Italian). You can find our presentation slides here. We believe that it is important to combine flow monitoring with security and packet to disk. This in an integrated manner, and not by using different un-correlated applications. Cento is the next generation probe able to generate flows at 100 Gbit line rate using an x86 PC and a 100 Gbit NIC on top of PF_RING ZC, while being able to …
Announce

Join us at the San Francisco Network Visibility Meetup on Jan 19th
After the Flocon 2016 meetup we held this week, next week we’re organising a meetup for our users of the bay area where we will discuss a new arguments including high-speed sensors and network analytics. http://www.meetup.com/San-Francisco-Network-Visibility-Meetup/ For those who have not attended the Flocon meetup (~25 people attended it, for a 30 min presentation followed by a 2h open discussion), the main comments have been: Network monitoring has to be integrated with security tools: people demand small machines able to visualise network traffic metrics as well report potential security violations. Inline …
Announce

You’re invited to the ntop Meetup at Flocon 2016
Topic: ntop Meetup – Affordable High-Speed Sensors Everywhere Abstract:  Come and meet Luca Deri, members of the ntop team, and fellow “ntop stack” users and partners as we talk about making instrumentation of the entire infrastructure possible with sensor prices at cost points not before considered possible!  Luca and his team are also looking for your input and feedback for their 2016 roadmap! When: 5:30-7:00 p.m., Wednesday, January 13th Location:  Flocon 2016 Conference, Coquina Ballroom A Refreshments provided courtesy of Kentik Technologies Meetup Presentation Slides Agenda:1) Luca Deri:  ntop Roadmap/Discussion (30 …
Announce

ntop 2016 Roadmap
2015 has been a year full of activities that allowed us to consolidate our tools and thus provide a better service to the community. In 2016 the plan is the following: 100 Gbit As in 2015 we have added support for 40 Gbit in PF_RING, 2016 will be the year of 100 Gbit. We already support the Accolade and Napatech 100 Gbit NICs in PF_RING, but the plan is to make 100 Gbit commodity, and thus as soon as the new Intel Red Rock Canyon adapters will be available (we expect …
Guides

Ntopng Integration with Nagios
Discontinuation Notice This post becomes obsolete effective with ntopng 4.1+. Full discontinuation notice available here. This tutorial shows how to properly configure nagios and ntopng (Professional) in order to send asynchronous ntopng-generated alerts to nagios. Prerequisites It is assumed that the following software is already installed and properly configured: nagios daemon nagios NSCA (Nagios Service Check Acceptor) daemon ntopng Professional Please see the Resources section at the bottom of this page for useful links and guides on how to set-up nagios and NSCA daemons. Tutorial Set-Up This tutorial uses two hosts connected to …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe