Recently ntopng has been used in academia for detecting DoS (Denial of Service) attacks using NetFlow flows. In this thesis (note that the document it is written in Italian) it is shown how ntopng has been successfully used collect flow and use them to detect DoS attacks. Enjoy !
How ntopng Host Traffic Accounting Works
Despite ntop has implemented rich network metrics over the years, the two most important metrics that people keep asking us are volume (how much) and time (how long). Timeseries offer a quick view of the traffic and allow people to immediately spot traffic peaks or absence of transmissions. They are good for traffic analysis but […]
Introducing nBox Mini
As previously announced, we have added a new entry in the nBox product list: the nBox Mini. This is a small rugged device with 1 and 2.5 Gbit Ethernet port designed to be used as turn key solutions for monitoring small-mid size networks (typically up to 255 hosts), it is preconfigured to accept mirrored traffic […]
How we have Decreased ntopng Memory Usage by more than 60%
In this blog post we want to shave our experience squeezing ntopng memory usage to fit into small OT monitoring devices manufactured by our partner Endian. Just to give you an idea of the work we did look at these two images taken on the same network at the same time of the day, before […]
HowTo Analyse NetFlow/IPFIX/sFlow pcap Traces
Dumping sFlow/NetFlow/IPFIX flows in pcap format can be very useful for troubleshooting or for creating a compact traffic dump. For instance you can dump flow traffic with n2disk (wireshark, or tcpdump) and store them in pcap format, and eventually share them with a shared disk or sent via email. Flows are usually analysed live with […]
ipt_geofence: Protecting Networks using Geofencing, Blocklists and Service Analysis
Last week the ntop team has organised the network devroom at FOSDEM 2024, that took place in Brussels on Feb 2-3. During the devroom we have presented one tool named ipt_geofence that we have created for protecting our network infrastructure and generate blacklists that can be used with ntop tools (this task is still ongoing). […]
How Sampling and Throughput Calculation Works: NetFlow/IPFIX vs sFlow vs Packets
ntop tools are able to collect various type of flows NetFlow/IPFIX (including dialects such as J-Flow, NetStream) and sFlow/NetFlowLite, this in addition to packet capture/processing. We have decided to seamlessly handle all these formats so that the user does not have to know the inner details of them. so what you do is the usual […]
Using ntop in Education: South Panola School District
ntop tools are heavily used in education and we’re glad to share a gust post that described the lessons learnt deploying our tools in a a public school district of Mississippi. Enjoy ! South Panola School District’s (SPSD) network continues to evolve to better serve the needs of its students and staff. Upon employment at […]
Short 1-2Q24 Roadmap: ntop Cloud, Towards 200 Gbit, Cybersecurity, Low-end nBox
Happy new year everyone! Thos who followed our November webinar know already that we’re working at new features and improvements in our tools. Below you can find a short list of features we plan to implement by the end of spring: ntop cloud. This is the major activity where we’re involved. As already said, for […]
Securing ClickHouse and MySQL Flow Storage
ntopng stores flows data in various databases including MySQL, Elastic and ClickHouse that is the database storage that we have selected as it outpaces the others in terms of speed and reduced disk space. ClickHouse is a columnar database and while it is very fast during data access, it is optimised for batch data insertion. […]