Author: admin

nProbe

Monitoring Microsoft Teams Performance and Video/Call Quality

Months ago we talked about how ntopng identifies and monitors Zoom call quality. Today we show how call monitoring has now been seamlessly extended to Microsoft Teams. Thanks to nDPI, ntopng is now able to detect Teams calls and to label them according to the stream type: Video, Audio, Screen Sharing. For each call it is possible to visualise the stream type as well as the flow statistics. If ntopng collects RTP flows from nProbe it also reports the call quality as exported by nProbe. Both Zoom and Microsoft Teams …
Webinar

Register for ntop June 2023 Webinar: June 20th 3PM CET / 9 AM EST

This is to invite you to the latest ntop webinar before the summer break. The major webinar topics will include: n2disk smart packet recorder; latest OT/SCADA developments (IEC 104 and ModbusTCP); Suricata/Zeek IDS acceleration at 40/100 Gbit; new ntopng charts and tables; traffic rules; inactive host monitoring; and more. You can register for the webinar at this page: the registration link will include the instructions for joining the webinar. Hope to see you online! …
nProbe

Scaling Up ntopng Flow and Packet Processing

As the traffic rate increases, it is important to tune packet processing in order to avoid drops and thus reduced visibility. This post will show you a few tricks for improving the overall performance and better exploiting modern multicore systems. The Problem ntopng packet processing performance depends on the number of ingress pps (packets per second) as well as the number of flows/hosts being monitored and the number of enabled behavioural checks. With ntopng you can expect to process (your mileage varies according to the CPU/system you are using) a few (< 5) …
ntopng

Introducing Modbus Traffic Monitoring in ntopng

Modbus is an industrial protocol used to communicate with automation devices. The initial protocol version was implemented over a serial layer, whereas the current version named ModbusTCP is a variant of the original protocol running over TCP/IP. This blog post describes how ntopng monitors ModbusTCP traffic: it detects Modbus flows via nDPI and dissects them, building an internal flow representation. For each flow, ntopng keeps track of the function codes used, exceptions and registers accessed. It also reports the transitions between function Ids and depicts them graphically: the more transitions …
ntopng

OpenAPI: ntopng REST API for Software Developers

Maybe not all of you know that ntopng powers some popular monitoring systems such as CheckMK and Centreon. The integration is made possible through the ntopng REST API (REST stands for REpresentational State Transfer) that allows developers to manipulate ntopng configuration and query monitored information including hosts, flows, alerts and historical data. Recently we have integrated the ntopng API, specified according to OpenAPI, into ntopng by using the swagger open-source tool. All you need to do is to update your ntopng (dev) copy and access the embedded REST API …
Cybersecurity

OT, ICS, SCADA: IEC 60870-5-104 in ntopng

What is OT, ICS, SCADA? Operational Technology (OT) refers to computing systems that are used to manage industrial operations or process operations, like water treatment, electrical power distribution or wrapping a chocolate in foil. ntopng supports some Industrial Control Systems (ICS) protocols, often managed via Supervisory Control and Data Acquisition (SCADA) systems. Via nDPI it can detect protocols such as Modbus, IEC 60870 or BACnet. In addition to this, ntopng has extensive detection and monitoring capabilities for some OT protocols. ntopng “Generic” Monitoring ntopng is a monitoring tool …
ntop

ntopConf’ 23 Call for Talks is now Open

This year ntop will turn 25. Our call for speakers for the ntop conference 2023 (Pisa, Sept 21-22) is now open. Deadline is June 30th. We want to hear your voice, experience, projects based on ntop tools and anything that can be of interest to our community. Pisa is the conference location that we have selected. It is the ntop hometown, and it can be easily reached with low-cost flights from many international locations. No excuse for not submitting a talk proposal. Read more and submit your talk at this …
nDPI

Using nDPI to Monitor Streaming, Messaging and Social Network Traffic

We have created nDPI to label network traffic and extract metadata such as the URL or TLS certificate information. nDPI is the layer on top of which ntop applications are sitting. This time we do not want to talk about nDPI internals but rather use it to monitor Internet traffic. For this reason we have taken traffic from an Italian broadband (no mobile) ISP, and used ntopng + nDPI to monitor the Internet traffic produced by residential and business users. Below you can find the results for social networks and …
nProbe

Now available ntopng/nprobe ARM64 Docker Images

Supporting 64-bit ARM platforms is important because there is now a plethora of inexpensive boards based on this architecture. Thanks to the use of Docker containers, several manufacturers allow their devices to take advantage of this technology to run third-party software on devices that used not to be extensible. Here you can read how to run ARM64 containers on Mikrotik devices (soon we’ll publish a separate post on this subject). For this reason, starting this month, we’ll publish weekly updates of ARM64 Docker images that you can run on …
nProbe

How To Analyse Asymmetric VLAN Traffic

A VLAN is a method for partitioning a layer two broadcast domain, creating virtual networks of homogeneous systems and hence promoting network segmentation. An Ethernet port with no VLAN tag is called an access port, whereas a switch port with VLAN-tagged packets is called a tagged or trunk port. End systems are usually connected to access ports, meaning that they deal with untagged packets that are then marked by the switch according to the VLAN port configuration. For this reason an end system is not aware of the VLAN id that is used …
nProbe

How Flow-Based Traffic Classification Works

Many ntop products such as ntopng, nProbe, and PF_RING FT, just to name a few, are based on network flows. However not all our users know in detail what a network flow is, and how it works in practice. This blog post describes what they are and how they work in practice. What is a network flow? A network flow is a set of packets with common properties. They often are identified by a 5-tuple key meaning that all packets of a given flow have the same source and destination …
ntopng

Going Beyond 5-Tuple in Network Flow Analysis

Traditionally flow-based tools are based on the 5-tuple attributes (source and destination IP, source and destination port and the protocol field). Often they are complemented with additional attributes such as VLAN or Tunnel Id in order to avoid mixing in the same flow packets that belong to different communications. The above picture shows the 5-tuple key in the live flows window. Looking at flows using the 5-tuple makes sense if we want to understand what is happening at the individual flow level, but it makes it difficult to understand the …