Author: admin

  • Home
  • Articles by: admin
Announce

Released nDPI 1.7
This is to announce the release of nDPI 1.7. In addition to many new/updated dissectors, the main change of this release is the ability to identify subprotocols. For instance a DNS request Facebook is not identified as DNS.Facebook (previously only Facebook). This is a great additions for apps that used nDPI to block protocols and that failed due to lack of subprotocol support. We have also revised the core library code so that plugin initialisation is now stored in the plugin itself, making the library core shorter and more readable. …
nDPI

Using ntopng to Implement a WiFi Access Point with Layer 7 Traffic Enforcement
  This post will teach you how to create a cheap WiFi access point able to enforce layer-7 application protocols. In order to do this you can use a cheap RaspberryPi or BeagleBoard with a USB WiFi stick, or use a x86 PC.   The USB stick we use is the following # lsusb Bus 002 Device 003: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter and once plugged onto a USB port it is immediately recognised by Linux (in this post we use Ubuntu Linux but other distro will …
ntop

Lessons learnt at #SharkFest15
Last week we have made a couple of presentations at SharkFest 2015, introducing to the Wireshark community what ntopng is about. The most interesting part has been the feedback of those who attended the talks who commented on “how to integrate ntopng with Wireshark”. My personal conclusion is that the best way of doing this, is to turn ntopng into a pre-processor for Wireshark; namely use ntopng to permanently monitor a network, detect anomalies, and then analyse them with Wireshark. In fact a packet sniffer cannot be used as a permanent …
June 3, 2015

Exploring your traffic using ntopng with ElasticSearch+Kibana
ntopng allows you to export monitoring data do external sources. For low-traffic sites, SQLite and the ntopng historical interface can be a good option. As your traffic increases you are forced to put your data on a database if you care about performance and long-term data persistency. In future ntopng versions we will add support for additional databases, but for the time being we decided to start with the ELK (ElasticSearch + LogStash + Kibana) paradigm. In this case ElasticSearch (ES) is the database backend, and Kibana the GUI used to …
Announce

Say hello to ntopng 2.0
After 9 months of development, we are pleased to announce the release of ntopng 2.0. This is a major release as we have reworked many application components and made the application robust and usable by mid/large companies and ISPs. We have created two versions of ntopng: Community edition: this is the standard ntopng that you can use free of charge and that implements a robust and easy to use web-based traffic monitoring application. Professional edition: an enhanced version of ntopng that includes modern reports and many new features listed below on this article. …
Announce

Introducing nDPI 1.6
This is to announce the availability of nDPI 1.6, a maintenance release that consolidates this open source deep packet inspection library. This is going to be the last version of the 1.x branch, as we plan (see the enhancements we have planned) major changes for the 2.0 release. Changelog: Moved to github, with continuous testing tools (Travis-CI) and automatic regression testing (via Travis) for improving library quality. New dissector for the QUIC protocol. Major enhancements for Skype, and Tor detection. Reduced memory usage per nDPI flow (up to 40% with …
Announce

News @ ntop: Github, Mobile-Aware web site, IPv6, Travis
Even though these might look like cosmetic changes, we are committed to create better software to serve our community. In the past couple of weeks: We have migrated the server to a new site that is now IPv4 and IPv6. You can now access our software from IPv6 finally. We have moved nDPI, PF_RING and ntopng to github. We hope this will foster collaboration on our software. We are aware that there are areas where we can improve the github integration, but as we’re new to this technology, we invite those …
ntop

Do you want to work for ntop?
As ntop software is increasing in popularity, we need help for supporting our users and working at new developments. Therefore we are looking for someone to join our development time, help us, and assist the user community.   Job Description We are looking for a candidate located in Italy or in a similar time zone (CET) willing to work remotely or (better) at our main location in Pisa. We offer semi-flexible working hours with a set of time to be allocated every day Mon-Fri during standard working hours (9 AM …
PF_RING

PF_RING Deep Dive: Interview with Ivan Pepelnjak
In late March, Ivan Pepelnjak interviewed me on Software Gone Wild about ntop and ntopng, and in a second interview about PF_RING. The main topic of the second interview have been: What is the difference between PF_RING and the Linux built-in packet capturing module; How can you process over 10 million packets per second per CPU core? Do you need special device drivers for PF_RING or can you use the standard Linux NIC drivers? How does a packet processing application interact with the PF_RING library? How do you spread packets across multiple cores, multiple …
ntop

ntopng Deep Dive: Interview with Ivan Pepelnjak
Last month Ivan Pepelnjak interviewed me on Software Gone Wild about ntop and ntopng. The main topic of the interview were: How it all started and why did Luca decide to start the ntop (and PF_RING) project? What is ntopng (next-generation ntop) and why did they rewrite the product? What are nprobe and nbox? The distributed architecture of ntopng, including probes, data sources, collectors, and the central analyzing engine; Combining ntop and elastic search; Why it makes sense to convert all data into JSON format? What are the problems of …
ntopng

Using ntopng (pre) 2.0 on a Ubiquity EdgeRouter
NOTE: due to limited resources, we have decided to discontinue ntopng on the Ubiquity. Please see this article for more updated information. As the release of ntopng 2.0 is around the corner (we are fixing the last bugs, polishing the GUI and writing some documentation), we want to show how to turn a cheap device such as the Ubiquity EdgeRouter into a traffic monitor and layer-7 policy enforcer as depicted below. NOTE: if you bridge traffic using ntopng, please make sure you do not create loops. A typical mistake is to …
ntopng

Moving towards ntopng 2.0
As you know, our plan is to release ntopng 2.0 later this spring. While we are still coding the last missing features, we have start packaging the tool so that you can start testing it. We have decided to create two versions of ntopng: Community edition: free open-source version, that you can use at no cost. Professional version: fee-based version, that includes features useful in companies. Of course this version will be free of charge for educations and universities as with all other ntop commercial products. There will also be …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe