Author: admin

Announce

Join us at the San Francisco Network Visibility Meetup on Jan 19th

After the Flocon 2016 meetup we held this week, next week we’re organising a meetup for our Bay Area users where we will discuss new topics including high-speed sensors and network analytics. http://www.meetup.com/San-Francisco-Network-Visibility-Meetup/ For those who did not attend the Flocon meetup (~25 people attended it, for a 30 min presentation followed by a 2h open discussion), the main comments have been: network monitoring has to be integrated with security tools: people demand small machines able to visualise network traffic metrics as well as report potential security violations. Inline …
Announce

You’re invited to the ntop Meetup at Flocon 2016

Topic: ntop Meetup – Affordable High-Speed Sensors Everywhere Abstract: Come and meet Luca Deri, members of the ntop team, and fellow “ntop stack” users and partners as we talk about making instrumentation of the entire infrastructure possible with sensor prices at cost points not before considered possible! Luca and his team are also looking for your input and feedback for their 2016 roadmap! When: 5:30-7:00 p.m., Wednesday, January 13th Location: Flocon 2016 Conference, Coquina Ballroom A Refreshments provided courtesy of Kentik Technologies Meetup Presentation Slides Agenda: 1) Luca Deri: ntop Roadmap/Discussion (30 …
Announce

ntop 2016 Roadmap

2015 has been a year full of activities that allowed us to consolidate our tools and thus provide a better service to the community. In 2016 the plan is the following: 100 Gbit As in 2015 we added support for 40 Gbit in PF_RING, 2016 will be the year of 100 Gbit. We already support the Accolade and Napatech 100 Gbit NICs in PF_RING, but the plan is to make 100 Gbit commodity, and thus as soon as the new Intel Red Rock Canyon adapters are available (we expect …
Guides

Ntopng Integration with Nagios

Discontinuation Notice: This post becomes obsolete effective with ntopng 4.1+. The full discontinuation notice is available here. This tutorial shows how to properly configure Nagios and ntopng (Professional) in order to send asynchronous ntopng-generated alerts to Nagios. Prerequisites: It is assumed that the following software is already installed and properly configured: the Nagios daemon, the Nagios NSCA (Nagios Service Check Acceptor) daemon, and ntopng Professional. Please see the Resources section at the bottom of this page for useful links and guides on how to set up the Nagios and NSCA daemons. Tutorial Set-Up: This tutorial uses two hosts connected to …
ntopng

ntopng 2.2 Just Released

After over 6 months of work, we’re pleased to announce the release of ntopng 2.2 (as already discussed, even numbers identify stable releases whereas odd numbers identify development versions). The goal of this release has been to consolidate the existing work, fix issues reported by users, improve the reports we introduced in 2.0 and pave the way for the next development iteration where we plan to add new features (we’ll present the roadmap in the next few weeks). The main new feature of this release is the introduction of traffic …
ntopng

Exploring Historical Data Using ntopng

In the original ntopng it was possible to navigate historical information using a so-called “Historical Interface”. Such an interface was a logical network interface able to read flow data from a SQLite archive and present them on the web interface. This approach had various limitations when it was used to navigate data over a long time window, as all flows had to be loaded into memory before being visualised, a process that can take a lot of memory and time as data cardinality increases. In the ntopng 2.1 development version, we have …
nProbe

Yes, There’s Life After NetFlow

At ntop we’ve been playing with NetFlow/IPFIX for more than 10 years and have been part of its standardisation. While we acknowledge that the concept of a flow (a set of packets with common properties such as the same IP/port/protocol/VLAN) is still modern, the NetFlow format is now becoming legacy, as we have already discussed some time ago. Modern data crunchers such as those belonging to the big data movement or emerging data storage systems (e.g. Solr or ELK) are based on the concept that information has to be defined in an open format (usually …
Announce

Released nDPI 1.7

This is to announce the release of nDPI 1.7. In addition to many new/updated dissectors, the main change of this release is the ability to identify subprotocols. For instance a DNS request for Facebook is now identified as DNS.Facebook (previously only Facebook). This is a great addition for apps that use nDPI to block protocols and that failed due to lack of subprotocol support. We have also revised the core library code so that plugin initialisation is now stored in the plugin itself, making the library core shorter and more readable. …
nDPI

Using ntopng to Implement a WiFi Access Point with Layer 7 Traffic Enforcement

This post will teach you how to create a cheap WiFi access point able to enforce layer-7 application protocols. In order to do this you can use a cheap RaspberryPi or BeagleBoard with a USB WiFi stick, or use an x86 PC. The USB stick we use is the following: # lsusb Bus 002 Device 003: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter and once plugged into a USB port it is immediately recognised by Linux (in this post we use Ubuntu Linux but other distros will …
ntop

Lessons learnt at #SharkFest15

Last week we gave a couple of presentations at SharkFest 2015, introducing to the Wireshark community what ntopng is about. The most interesting part was the feedback from those who attended the talks, who commented on “how to integrate ntopng with Wireshark”. My personal conclusion is that the best way of doing this is to turn ntopng into a pre-processor for Wireshark; namely, use ntopng to permanently monitor a network, detect anomalies, and then analyse them with Wireshark. In fact a packet sniffer cannot be used as a permanent …
June 3, 2015

Exploring your traffic using ntopng with ElasticSearch+Kibana

ntopng allows you to export monitoring data to external sources. For low-traffic sites, SQLite and the ntopng historical interface can be a good option. As your traffic increases you are forced to put your data in a database if you care about performance and long-term data persistence. In future ntopng versions we will add support for additional databases, but for the time being we decided to start with the ELK (ElasticSearch + LogStash + Kibana) paradigm. In this case ElasticSearch (ES) is the database backend, and Kibana the GUI used to …