Author: admin

Announce

ntop at SHARKFEST’14

The ntop core team will be at SHARKFEST in June, the annual 4-day conference focused on sharing knowledge, experience and best practices among Wireshark developers and users. Luca Deri will be among the speakers, talking about “Monitoring Mobile Network Traffic (3G/LTE)”. Join us June 16th through June 20th at the Dominican University of California in San Rafael, CA! …
nProbe

Introducing nProbe Splunk App for (Free) Network and Application Monitoring

Splunk is a popular realtime data capture, aggregation, and data visualisation system. Designed initially for handling application logs, its current version is available with a free enterprise license that can index up to 500 megabytes of data per day. We have decided to use Splunk to capture and index in realtime the flows generated by nProbe, in particular those that contain non-numerical information, such as HTTP URLs. Splunk is versatile enough that it can be easily customised with a few mouse clicks, so that new reports, views …
Announce

Napatech and ntop will demonstrate 10 Gbps capture-to-disk at RSA and MWC

Napatech, the world’s leading supplier of network analysis adapters, and ntop, the renowned traffic monitoring software expert, today announced a collaboration focused on accelerating time to market for high-performance network management and security appliances. The first initiative is a 10 Gbps capture-to-disk solution that will be demonstrated at Mobile World Congress and RSA, February 24-28. Capture-to-disk is fast becoming a critical capability for appliances used in network management and security as well as real-time big data analytics, but it requires expertise to implement, especially for high-speed applications. Commercial-off-the-shelf (COTS) servers offer …
n2n

Using n2n with Amazon (AWS) EC2

Although we currently have no time to further develop n2n (we have put the project on hold until we have time to work on it again), this tool is still widely used. This article (courtesy of Stuart Buckell) shows how to use n2n to enable broadcast and multicast support on Amazon (AWS) EC2, which is required for certain enterprise applications and protocols. Enjoy! …
ntopng

Scripting ntopng with Lua

The ntopng architecture is divided into three layers: Ingress layer (flow or packet capture). Monitoring engine: the ntopng core. Lua scripting engine. Data export layer (via web, syslog or log files). Thanks to the scripting engine, ntopng is fully scriptable. This means that via Lua you can extract the monitoring information and report it in HTML pages or export it to third-party applications. The ntopng Lua API is pretty simple: it consists of two classes, ntop and interface. ntopng also comes with some example scripts that highlight the main …
nProbe

Running nProbe and ntopng on Ubiquiti EdgeRouter Lite

On this blog we have already discussed how to compile and run ntopng and nProbe on a BeagleBoard and Raspberry Pi. Now we explain (courtesy of Shane Graham) how to achieve the same on a Ubiquiti EdgeRouter Lite, a cheap yet powerful router. First, set up the proper Debian repository:

    configure
    set system package repository squeeze components 'main contrib non-free'
    set system package repository squeeze distribution squeeze
    set system package repository squeeze url http://http.us.debian.org/debian
    set system package repository squeeze-security components main
    set system package repository squeeze-security distribution squeeze/updates
    set system package repository …
ntopng

ntopng 1.1 Released

This is to announce the release of ntopng 1.1. The main changes with respect to 1.0 include: Enhanced web GUI with new menus and extension of previous sections. Ability to specify multiple interfaces simultaneously (just repeat -i). Performance improvements both in nDPI and the ntopng engine (yes, multi-Gbit traffic analysis is possible). Several enhancements to the flow collection interface (note that you need the very latest nProbe), which is now much faster and written in native C++ code. Added Google Maps support and HTML 5 map geolocation support. Ability to save …
ntopng

ntopng Tutorial @ LinuxDay 2013

Last Saturday, 26th of October, we presented a tutorial on ntopng at the Italian LinuxDay 2013. The slides we used for this presentation can be used to learn the idea behind ntopng and highlight the main design principles. We are also glad that this presentation has been accepted for submission consideration at the Italy in a Day contest, so it might have the chance to become part of this upcoming movie. …
ntop

Upcoming ntop meetings: Nürnberg, Luxembourg, Pisa, Milano.

Next week is going to be a busy week for us, as we (Luca and Alfredo) will be making a short tour of Europe to present ntopng and the latest ntop apps. October 23rd, Open Source Network Conference, Nürnberg, Germany. October 24-25th, Hack.Lu and Suricata Team, Luxembourg City, Luxembourg. October 26th, Linux Day 2013, Pisa, Italy. October 29th, Open Source Conference 2013, Milano, Italy. We would like to meet ntop users and hear their feedback, criticism and suggestions. See you next week! …
nProbe

Using ntopng and nProbe on the BeagleBone (small is beautiful)

For years we enjoyed pushing the limits of our software products (our nBox recorder is able to handle multi-10Gbit interfaces, for instance), but our roots are not there. It all started in 2003 with this small PowerPC-based nBox, into which we first integrated nProbe. Now, after 10 years, it is time to rethink all this and try again. On the market there are several small and cheap platforms, such as the Raspberry Pi, the BeagleBone Black and the EdgeMax, that are ideal platforms for our apps. We have then decided …
nProbe

Why nProbe+JSON+ZMQ instead of native sFlow/NetFlow support in ntopng?

sFlow and NetFlow/IPFIX are the two leading network monitoring protocols used today on the market. Both are binary protocols encapsulated over UDP, with data flowing in one direction from the probe (usually a physical network device or a software probe such as nProbe) to the collector (a PC that receives traffic and handles it or dumps it to a database). This architecture has been used for decades; it still makes sense from the device point of view, but not from the application (developer) point of view, for many reasons: The …
ntopng

Moving Towards ntopng 1.1

It has been a busy summer here at ntop. Since the initial ntopng 1.0 release, we have tried to fill the gap in terms of missing features with respect to the original ntop. This post is to update you about the new features of the upcoming 1.1 release, scheduled for this fall, that are currently available in the SVN development tree: Ability to support multiple interfaces. This means that you can repeat “-i <interface>” on the command line multiple times, once per interface you want to add. Use of HTTP sessions …