Author: admin

  • Home
  • Articles by: admin
ntop

ntop Cloud: Basic Concepts
We have designed the ntop Cloud as a way to securely interconnect customer applications deployed across hosts in heterogeneous environments not necessarily directly interconnected. Initially the goal of ntop Cloud is to enable users to administer easily these applications, update/restart/stop/start them with a mouse click, reconfigure them, and supervise their activities. Future SaaS (software as a service) features are planned but not a short term goals. The idea is to simplify application deployment, check application status regardless of the physical network, detect restarts etc. things that before the ntop Cloud …
ntopCloud

ntop Cloud: Security Design and Architecture
In late 2023 we have announced the beginning of a new project we have called ntop Cloud. The first goal of this project is to enable ntop applications to communicate regardless of the network topology where they are deployed, This in a secure way. In essence we want to create a new network overlay that allow ntop applications to communicate and share data. Some use cases: Be notified when a ntop application is no longer active or more in general when it changes its status. Implement a public web interface …
ntop

Announcing ntop Professional Training: May 2024
ntop tools range from packet capture, traffic analysis and processing, and sometimes it is not easy to keep up on product updates as well master all the tools. This has been the driving force for organising ntop professional training. This is to announce that in May we have scheduled the next ntop Professional Training session. It will take place online (Microsoft Teams) on 14th, 16th, 21st, 23rd, 28th, 30th of May, 2024 at 3.00 PM CET (9.00 AM EDT). Training will be held in English language and each session lasts …
ntopng

How Historical Traffic Behaviour Analysis Works
In ntopng we have implemented various techniques for analysing historical traffic. This post shows you the options available: In timeseries you can see the current traffic rate (line) or the traffic rate of the previous period of time (dotted). This allows you to visually analyse when traffic deviates from previous period of time (see for instance in the chart below the traffic drop happened at 10 AM). 2. You can trigger interface alerts based on statistical traffic analysis (exponential smoothing) when traffic exceeds (up/down) its baseline. Note that when this …
ntopng

DoS Detection Using ntopng and NetFlow/IPFIX
Recently ntopng has been used in academia for detecting DoS (Denial of Service) attacks using NetFlow flows. In this thesis (note that the document it is written in Italian) it is shown how ntopng has been successfully used collect flow and use them to detect DoS attacks. Enjoy ! …
ntopng

How ntopng Host Traffic Accounting Works
Despite ntop has implemented rich network metrics over the years, the two most important metrics that people keep asking us are volume (how much) and time (how long).  Timeseries offer a quick view of the traffic and allow people to immediately spot traffic peaks or absence of transmissions. They are good for traffic analysis but are too complex for producing accounting data and comparing usage overtime. For this reason ntopng provides for each local host an additional feature that allows you to see immediately the amount and time that a …
nbox

Introducing nBox Mini
As previously announced, we have added a new entry in the nBox product list: the nBox Mini. This is a small rugged device with 1 and 2.5 Gbit Ethernet port designed to be used as turn key solutions for monitoring small-mid size networks (typically up to 255 hosts), it is preconfigured to accept mirrored traffic (e.g. from a span-port) or to act as a bump-in-the-wire (inline) device. It comes with ntopng pre-installed and configured through the nBox user interface.  It can optionally run also nProbe to also collect flows that …
ntopng

How we have Decreased ntopng Memory Usage by more than 60%
In this blog post we want to shave our experience squeezing ntopng memory usage to fit into small OT monitoring devices manufactured by our partner Endian. Just to give you an idea of the work we did look at these two images taken on the same network at the same time of the day, before and after our work. As you can see we managed to squeeze the memory from 4 GB to 1.3 GB. Below we describe how we did it. The challenge was to reduce memory usage while …
nProbe

HowTo Analyse NetFlow/IPFIX/sFlow pcap Traces
Dumping sFlow/NetFlow/IPFIX flows in pcap format can be very useful for troubleshooting or for creating a compact traffic dump. For instance you can dump flow traffic with n2disk (wireshark, or tcpdump) and store them in pcap format, and eventually share them with a shared disk or sent via email. Flows are usually analysed live with nProbe/ntopng but how can you analyse them when saved in pcap format and not captured from the wire? The nProbe package includes a companion tool that allows flows to be extracted from a pcap file …
Cybersecurity

ipt_geofence: Protecting Networks using Geofencing, Blocklists and Service Analysis
Last week the ntop team has organised the network devroom at FOSDEM 2024, that took place in Brussels on Feb 2-3. During the devroom we have presented one tool named ipt_geofence that we have created for protecting our network infrastructure and generate blacklists that can be used with ntop tools (this task is still ongoing). ipt_geofence, an open-source tool for Linux and FreeBSD that combines in one tool IP geofencing, service (e.g. SSH, Web and mail) analysis, and blocklists. It allows malicious hosts to be blocked and hence protect services …
nProbe

How Sampling and Throughput Calculation Works: NetFlow/IPFIX vs sFlow vs Packets
ntop tools are able to collect various type of flows NetFlow/IPFIX (including dialects such as J-Flow, NetStream) and sFlow/NetFlowLite, this in addition to packet capture/processing. We have decided to seamlessly handle all these formats so that the user does not have to know the inner details of them. so what you do is the usual pipeline where nProbe collects flow from devices (i.e. router or switch) or turns packets into flows. In both cases nProbe will deliver this information to ntopng by enriching the exported flows with additional data (e.g. …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe