Author: admin

ntop

ntopng Deep Dive: Interview with Ivan Pepelnjak

Last month Ivan Pepelnjak interviewed me on Software Gone Wild about ntop and ntopng. The main topics of the interview were: How it all started and why did Luca decide to start the ntop (and PF_RING) project? What is ntopng (next-generation ntop) and why did they rewrite the product? What are nprobe and nbox? The distributed architecture of ntopng, including probes, data sources, collectors, and the central analyzing engine; Combining ntop and elastic search; Why it makes sense to convert all data into JSON format? What are the problems of …
ntopng

Using ntopng (pre) 2.0 on a Ubiquiti EdgeRouter

NOTE: due to limited resources, we have decided to discontinue ntopng on the Ubiquiti. Please see this article for more updated information. As the release of ntopng 2.0 is around the corner (we are fixing the last bugs, polishing the GUI and writing some documentation), we want to show how to turn a cheap device such as the Ubiquiti EdgeRouter into a traffic monitor and layer-7 policy enforcer as depicted below. NOTE: if you bridge traffic using ntopng, please make sure you do not create loops. A typical mistake is to …
ntopng

Moving towards ntopng 2.0

As you know, our plan is to release ntopng 2.0 later this spring. While we are still coding the last missing features, we have started packaging the tool so that you can start testing it. We have decided to create two versions of ntopng: Community edition: a free open-source version that you can use at no cost. Professional version: a fee-based version that includes features useful in companies. Of course this version will be free of charge for education and universities, as with all other ntop commercial products. There will also be …
nDPI

How to Enforce Layer-7 Traffic Policies Using ntopng

ntopng has traditionally been used to passively monitor network traffic. However, just as years ago IDSs (Intrusion Detection Systems) became mature products and eventually became IPSs (Intrusion Prevention Systems), it was time to add inline traffic capabilities to ntopng. This post gives you a sneak preview of this new feature (still under development) that will be included in the upcoming ntopng release. The idea is to combine network traffic monitoring with traffic enforcement so that you can use ntopng not just for monitoring your users (or your children if you are …
News

Come to see the new ntopng at CeBIT 2015

As you might have noticed, we are busy working on ntopng. We will soon publish a blog post where we summarise the current activities and what is still missing before the next version of ntopng is released. However, while communicating through the Internet is a convenient way to reach the ntop community, we still believe that a physical meeting is also desirable. For this reason we thank our long-time partner Wuerth-Phoenix for hosting us at CeBIT Open Source Park where we can demonstrate the new ntopng at work …
Announce

ntop 2015 Roadmap

Like every year, we have made a short-term plan for the first half of 2015. As we are a research-oriented company, we plan to tackle open issues or provide better answers to existing ones. This is our short list of activities we are carrying on: 40 Gbit: We are in the process of supporting the new Intel X710 and XL710 network adapters. They are able to operate at 10 and 40 Gbit (1 x 40 Gbit or 4 x 10 Gbit). The PF_RING ZC drivers are under development and on the PF_RING SVN …
ntopng

Using ntop Applications with Docker and OpenStack

In order to ease the deployment of our applications, in addition to source code distribution, we have released binary packages (x64 and ARM) for CentOS/RedHat and Ubuntu/Debian. For PF_RING, which needs to be compiled against the installed kernel version, we have moved to DKMS so that you are no longer required to use the same kernel version we use for packaging it. However, the current trend is towards virtualised environments (not just VMs such as VMware) and IaaS (Infrastructure as a Service), and thus we need to support them. Docker …
nProbe

Combining System and Network Visibility using nProbe and Sysdig

Introduction: When we started the development of the original ntop in 1998, there were many Unix tools for monitoring network traffic: ping, tcpdump, netstat, and many others. Nevertheless we decided to develop ntop, because there was no tool able to show in a simple way what was happening on our network. Early this year we started the development of some experimental PF_RING kernel module extensions able to give ntop applications visibility of process activities, in order to bind network traffic to a process name. We have lived once more the …
nProbe

Introducing nProbe v7

After more than three years of work, we are announcing the release of nProbe v7. This is a major evolution of v6 that many of you used in the past few years. In essence we have worked a lot on improving the application performance, supporting new protocols (including mobile 3G/LTE network monitoring), adding new information elements and moving towards an accurate probe. nProbe still exports the data in NetFlow/IPFIX but we have opened it to new ways of handling monitoring data (e.g. using Splunk and ElasticSearch). This because today we …
nDPI

Running ntopng and nDPI on MacOSX

On Mac OS X, users expect simple tool packaging and installation. Initially we planned to distribute .dmg files containing our apps, but then we decided that, in order to support current and future OSX versions more easily, this was not the way to go. For this reason we have added support for packaging systems such as HomeBrew (and soon) MacPorts (work is still ongoing but close to the end). Today if you want to run ntopng and nDPI on your OSX box you have the option to: compile everything by …
nDPI

Released nDPI 1.5.1 and ntopng 1.2.1

Today we have released a maintenance version of both nDPI and ntopng that addresses minor issues present in the previous stable release. In particular for ntopng we have addressed many small security holes identified by security researchers (our thanks go to Luca Carettoni), and thus we encourage you to upgrade when possible; note that for all these attacks you needed a valid ntopng user and password before performing them, so their danger level is not too high, but still we encourage you to upgrade. Finally this release contains patches and …
PF_RING

Active vs Passive Polling in Packet Processing

From time to time, PF_RING users ask us whether they should use passive polling techniques (i.e. call pfring_poll()) or use active polling, which basically means implementing an active loop until the next packet to process becomes available. All those who have read a programming book or attended university classes might answer that polling is the answer. This also for various other reasons including energy saving in CPUs. Unfortunately in practice the story is a bit different. If you want to avoid wasting CPU cycles, when you have nothing to do (i.e. …