Author: Alfredo Cardigliano

Announce

Introducing the New Infrastructure Dashboard in ntopng

For this reason, some time ago we introduced the Infrastructure Monitoring in ntopng, as described in a previous blog post, which is the ability to use ntopng to monitor other ntopng instances, by means of its Active Monitoring capabilities. This infrastructure monitoring feature allows users to gain real-time insights into the status of their ntopng instances, as well as monitor the network interconnecting them. Now, we are excited to introduce a further extension to the Infrastructure Monitoring in ntopng, the new Infrastructure Dashboard. This enhancement enables users to efficiently oversee multiple …
n2disk

Introducing n2disk 3.8: NVIDIA Support, Smart Recording, Traffic Deduplication

We’re excited to announce a new stable release of n2disk, version 3.8. This release brings significant new capabilities to the network monitoring and recording landscape, and it is packed with features that enhance both functionality and performance. Here’s a closer look at the highlights of this release: New Smart Recording support to intelligently manage and optimize storage usage. Multithreaded Packet Capture to take advantage of RSS (Receive Side Scaling) capabilities on NVIDIA/Mellanox ConnectX adapters. In fact, on those adapters it is not possible to scale the performance by spawning …
nScrub

Introducing nScrub 1.6: Broader Support, More Offloads, Improved Algorithms

We are excited to announce this new release of nScrub, 1.6, packed with new features, expanded hardware support, and key enhancements to strengthen network defense capabilities. This release adds native support for NVIDIA/Mellanox ConnectX adapters, and extends support for Napatech adapters by enabling TX offload support, which optimizes packet transmission performance and reduces CPU overhead. We also implemented native support for DPDK, making nScrub open to deployments where users widely use this SDK. We’ve also improved the detection and scrubbing algorithms, including additional checks on TCP packet …
cento

Exporting (Custom) Flows with Avro in nProbe Cento

This summer we introduced nProbe Cento 2.0. Before this release, Cento supported only JSON serialization when exporting flows to Kafka. JSON is straightforward and widely used, but it can be verbose and less efficient for high-throughput or resource-sensitive environments. To address these challenges when exporting flows to ntopng, some time ago we introduced a binary/TLV format for data serialization, implemented in our open-source nDPI library. However, despite being an open format, it is not widely used. For this reason, in order to improve interoperability with other solutions, we …
cento

Released Cento 2.0: Hardware Flow Table Offload, Avro Export and Much More

This is to announce that Cento 2.0 is out! This new major release introduces many great new features. First of all, it adds support for offloading flows to Napatech SmartNICs featuring Flow Manager. This new feature has been presented at IEEE HPSR (IEEE International Conference on High Performance Switching and Routing) and demonstrated to provide a significant performance boost and dramatically reduce the PCIe and memory bandwidth utilisation when processing 100 Gbit (or more) links with full-speed traffic. This can be used both by standard cento to accelerate passive monitoring, …
PF_RING

Released PF_RING 8.8.0: Flow Table Offload and nVidia BlueField Support

This is to announce a new PF_RING release 8.8.0! This release adds generic support for flow table offload, which is currently supported on Napatech adapters with Flow Manager enabled. This new technology has been successfully used to accelerate nProbe Cento when running with DPI enabled on multi 100 Gbit traffic (both passive and inline) and the work has been presented at IEEE HPSR (IEEE International Conference on High Performance Switching and Routing). This also adds support for zero-copy transmission on Napatech adapters, to reduce bandwidth utilisation and latency when forwarding …
n2disk

Howto Build a (Cheaper) 100 Gbit Continuous Packet Recorder using Commodity Hardware

Those who follow this blog have probably read a few posts where we described how to build a 100 Gbit continuous packet recorder using n2disk and PF_RING, providing specs for recommended hardware and sample configurations (if you missed them, read part 1, part 2 and part 3). In those posts we recommended the use of FPGA-based adapters (e.g. Napatech) with support for PCAP chunk mode (i.e. the ability for the NIC to collapse packets inside the adapter in pcap format, without the need to read packet-by-packet as with most network adapters), in addition …
ntop

Fixing Packet Deduplication: Introducing nDedup

When it comes to monitoring a busy network, network monitoring tools can become bogged down or, even worse, produce misleading information for your analysis because of a hidden culprit: duplicate packets. Imagine a firehose of data streaming across your network: much of this data can be redundant, with identical packets being sent multiple times due to retransmissions or mirroring configurations. As an example, when a SPAN (Switched Port Analyzer) port is used to mirror the ingress and egress directions of switch ports, the resulting mirrored traffic might contain up to 50% of …
ntopng

Introducing ntopng Customised Reports

In ntopng 6.0, the Dashboard and Traffic Reports have been completely redesigned and rewritten from scratch with a new, flexible, template-based engine. In a previous webinar we demonstrated how cute and powerful the new engine is, with the ability to automatically generate periodic reports, and with the promise of releasing a graphical editor for customising it, letting everyone create their own traffic view on both historical and live traffic data. The graphical editor has been implemented and is available in ntopng 6.1 (and later versions). In this …
cento

HowTo Build a 100 Gbit NetFlow Sensor Using nProbe Cento

When it comes to monitoring a distributed network, to get a picture of the network traffic flowing through the uplinks or on critical network segments, NetFlow-like technologies are usually the answer. nProbe Pro/Enterprise and nProbe Cento are software probes that can be used to build versatile sensors able to export flow information in many different formats, including NetFlow v5/v9/IPFIX, Kafka, Elasticsearch, ClickHouse, MySQL, CSV files, etc. All this at very high speed. nProbe Pro/Enterprise has been designed for low/mid rate (1/10 Gbps) while nProbe Cento has been designed to …
ntop

Introducing PF_RING 8.6: Runtime Filtering and On Demand IDS at 100 Gbit

This is to announce a new PF_RING release 8.6! This stable release introduces a new Runtime component in PF_RING, which adds support for runtime filtering. This allows an external application to push filtering rules (through a Redis queue) while the socket is running, and offload them to the adapter when supported (e.g. on NVIDIA/Mellanox ConnectX adapters). This enables Zeek and Suricata “on-demand” at 100 Gbit as discussed in a previous post. This release also adds support for Debian 12 and the latest 6.x kernel shipped with Ubuntu 22 LTS. Many other improvements …
ntop

Sorting Out and Clustering Alerts in ntopng

In a previous post, What’s In The (Alert) Inbox?, we discussed how alerts are organised in the Alerts Explorer. The new “inbox” design allows us to cluster alerts into separate folders, keeping high-priority events, which require attention and need to be addressed as soon as possible, apart from other minor events. This solves one issue: having all critical alerts under control, while still tracking and archiving all minor network issues (that contribute to the hosts score, and may still be of interest when drilling down during our analysis). In a system which …