Author: admin

  • Home
  • Articles by: admin
ntop

Using ntop in Education: South Panola School District
ntop tools are heavily used in education and we’re glad to share a gust post that described the lessons learnt deploying our tools in a a public school district of Mississippi. Enjoy ! South Panola School District’s (SPSD) network continues to evolve to better serve the needs of its students and staff. Upon employment at SPSD, the district had less than 1gbps to the internet and now boasts 3gpbs. With more and more traffic flowing through our network, SPSD has a need to better monitor the traffic to determine more …
ntop

Short 1-2Q24 Roadmap: ntop Cloud, Towards 200 Gbit, Cybersecurity, Low-end nBox
Happy new year everyone! Thos who followed our November webinar know already that we’re working at new features and improvements in our tools. Below you can find a short list of features we plan to implement by the end of spring: ntop cloud. This is the major activity where we’re involved. As already said, for the time being we do not plan to create a SaaS solution (yet) but to create a communication mechanism that allow users to interact with their instances regardless of how they have been deployed. In …
ntop

Securing ClickHouse and MySQL Flow Storage
ntopng stores flows data in various databases including MySQL, Elastic and ClickHouse that is the database storage that we have selected as it outpaces the others in terms of speed and reduced disk space. ClickHouse is a columnar database and while it is very fast during data access, it is optimised for batch data insertion. This means that ntopng imports flow data as follows: High cardinality data such as flows are saved in a temporary file and imported every minute using clickhouse-client. The default TCP communication port is 9000. Low-cardinality …
nDPI

nDPI: Internals and Frequent Questions
All ntop tools are based on nDPI but not every use is familiar with nDPI internals. We often receive questions about it, and it’s time to answer frequent questions. Q: How nDPI implements protocol detection? A: nDPI includes a list of protocol dissectors (356 as of today) that are able to dissect protocols such as WhatsApp or TLS. As soon as a new flow is submitted to nDPI, the library applies in sequence dissectors that can potentially match the protocols (i.e. telnet is a TCP-based protocol and it will not …
ntopng

ntopng 6.0 Webinar
Last week we have released ntopng 6.0 that contains many new features and a redesigned user interface. Goal of this webinar is to walk through this new release and show a demo of all the major changes we have introduced.   These are the presentation slides, and below you can see the video recording. Enjoy !   …
ntopng

How ntopng Merges Vulnerability Scan with Traffic Monitoring for Better Cybersecurity
ntopng was initially designed as a passive traffic monitoring tool. Over the years we have added active monitoring features such as network discovery, SNMP, and now vulnerability scan.  A network vulnerability scanner is a tool designed to identify vulnerabilities (often know as CVEs) in network services such as a web or SSH server by performing an active service scan. In ntopng we have decided to complement passive traffic with active scanning because: We want to identify vulnerabilities that can assist network and security administrators to implement a healthy network. Matching …
ntopng

Welcome to ntopng 6.0: new Dashboard, Vulnerability Scan, Cloud [beta], Periodic Reports, Threshold-based Alerts
This is to announce ntopng 6.0 a new major release that includes many new features and improvements: ntopng is no longer just a real-time traffic monitoring application: it can now track assets when offline and enable better investigations leveraging on improved historical traffic analysis. Implemented vulnerability reports that can scan hosts, ports, and look for CVEs. Even if other tools sport similar features, ntopng is unique in merging traffic analysis with vulnerability assessment. This means that you can position your CVEs with respect to real traffic (i.e. a severe vulnerability …
nProbe

nProbe 10.4 is now Available: Cloud Support and Agent Mode
This is to announce the release of nProbe 10.4. In this version we have made several improvements (including support for new platforms and distributions) as well merged the agent code into the main code base (via -T) on both Linux and Windows. This feature allows you to export (for traffic originated or terminated on the host where nProbe runs) additional contextual information such as the user or process name that produced specific traffic flows. The agent mode is used in ntopng to implement the cloud mode support, that enables nProbe …
cento

nProbe Cento 1.20 Just Released
This is to announce the release of nProbe Cento 1.20, that is basically a maintenance release that fixes some issues, improved metadata export using nDPI, and adds new platform and distributions support. Below you can find the whole changelog. Enjoy ! Improvements Add ARM support Add support for dumping bad packets (–dump-bad-packets) Add support for the latest nDPI API Improve nDPI protocol guess Fixes Fix bridge mode with standard drivers Fix max interface speed detection with comma-separated list Fix tx stats Fix banned search Fix permissions for the logrotate configuration …
nDPI

nDPI 4.8 is Now Available: Better Performance with Less Memory, Fuzzy Robustness, Many New Protocols
This is to announce the release of nDPI 4.8 that introduces various new protocols (in total 351 protocols and 53 risks), several internal changes to improve packet processing, extension of fuzzing to new components to improve coverage, new algorithms for handling lists with reduced memory and better performance. Protocol changes have been introduced not just for new protocols but also for keeping track of changes on exiting protocols such as QUIC and TLS. This said there are many changes under the hood that include contributions from many developers and that …
ntopng

Threshold vs Statistical Metric Alerts in ntopng
Threshold alerts and statistical alerts are two different methods for monitoring and detecting unusual or potentially problematic events in various systems, such as network monitoring where anomaly detection is essential. They differ in how they define and identify anomalies: Threshold Alerts Threshold alerts are based on fixed, predefined values or thresholds. You set specific thresholds for one or more parameters or metrics within your system. When these parameters cross the predefined thresholds, an alert is triggered. These thresholds are typically static and do not change automatically. You need to set …
ntop

ntopConf 2023 Videos and Slides are Now Available
The ntop conference and training 2023 was a success: more than 100 people attended it, some of them flying to Italy from other continents. This has been a special event as we have celebrated 25 years since the first release of the original ntop application, and 10 years of ntopng. This was our first international event (previous conferences were in Italian) and we are happy of the outcome. For us a conference is a way to update our community about the progresses we have made, how the community uses our …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe