Announce

ntopConf 2023 (25 years of ntop) Registration is Now Open
This is to announce that the registration for the ntop Conference 2023, 25 years since the first release of ntop, is now open. Similar to past conferences, this event is divided into two days: the first day will be allocated for training on ntop products, the second day for the main conference and workshop. You can read the conference and training agenda at the ntopConf 2023 page from which you can also reserve your seat. Finally a few notes. In order to make this event effective we have decided that: …
nEdge

Deploying nEdge with Multiple (Virtual) LANs (and WANs)
Exactly 3 years elapsed from the introduction of nEdge (ntopng Edge), and despite the fact we haven’t posted much about it in our blog, this tool continued to grow, many features have been added over time, and we see that every time new users have the chance to try it, they are amazed about the capabilities it provides. If it’s the first time you hear about nEdge, we suggest to read the introductory post which explains how nEdge enables Network administrators to enforce policies at Layer-7 on network users, the nEdge product page which is providing …
Features

Using Traffic Rules To Supervise Network Traffic
The Problem Let’s assume that you have a Network where local hosts generate a constant amount of traffic. How do you find if they are misbehaving? It happens that some local host starts behaving strangely, by having an abnormal amount of traffic (sent or received) with respect to their recent past: how can you spot these situations and report them with an alert. This is why we have created the Local Traffic Rules page: users can now define custom Volume/Throughput threshold for some (or all) local hosts. You can also …
nProbe

Monitoring Microsoft Teams Performance and Video/Call Quality
Months ago we have talked how ntopng identifies ad monitors Zoom calls quality. Today we show how call monitoring has been now seamlessly extended to Microsoft Teams. Thanks to nDPI, ntopng is now able to detect Teams calls and to label them according to the stream type: Video Audio Screen Sharing. For each call it is possible to visualise the stream type as well as the flow statistics. If ntopng collects RTP flows from nProbe it also reports the call quality as exported by nProbe. Both Zoom and Microsoft Teams …
Webinar

Register for ntop June 2023 Webinar: June 20th 3PM CET / 9 AM EST
This is to invite you to the latest ntop webinar before the summer break. The major webinar topic will include n2disk smart packet recorder Latest OT/SCADA Developments; IEC 104 and ModbusTCP Suricata/Zeek IDS Acceleration at 40/100 Gbit New ntopng charts and tables Traffic Rules Inactive Host Monitoring and ,,,, You can register for the webinar at this page: the registration link will be include the instructions for joining the webinar. Hope to see you online ! …
nProbe

Scaling Up ntopng Flow and Packet Processing
As traffic rate increases, it is important to tune packet processing in order to avoid drops and thus educe visibility. This post will show you a few tricks for improving the overall performance and better exploit modern multicore systems. The Problem ntopng packet processing performance depends on the number of ingress pps (packets per second) as well the number of flows/hosts being monitored and number of enabled behavioural checks. With ntopng you can expect to process (your mileage varies according to the CPU/system you are using) a few (< 5) …
ntopng

Introducing Modbus Traffic Monitoring in ntopng
Modbus is an industrial protocol used to communicate with automation devices. The initial protocol version was implemented over a serial layer, whereas the current version named ModbusTCP is a variant of the original protocol running over TCP/IP. This blog post describes how ntopng monitors ModbusTCP traffic: it detects Modbus flows via nDPI and dissects them building an internal flow representation. For each flow, ntopng keeps track of the function codes uses, exceptions and registers accessed.  It also reports the transitions between function Ids and depicts them graphically: the more transitions …
cento

Enabling Zeek and Suricata On-Demand at 40/100 Gbit using PF_RING
Overview Those of you who have some experience with IDS or IPS systems, like Zeek and Suricata, are probably aware of how CPU intensive and memory consuming those applications are due to the nature of the activities they carry on (e.g. signatures matching). This leads to high system load and packet loss when the packet rate becomes high (10+ Gbi+) making these IDSs unlikely to be to deployed on high-speed networks. As nProbe Cento can analyse networks up to 100 Gbit while using nDPI for ETA (Encrypted Traffic Analysis), ntopng …
ntopng

OpenAPI: ntopng REST API for Software Developers
Maybe not all of you know that ntopng powers in some popular monitoring systems such as CheckMK and Centreon. The integration is made possible through the ntopng REST API (REST stands for REpresentational State Transfer) that allows developers to manipulate ntopng configuration and query monitored information including hosts, flows, alerts and historical data. Recently we have integrated the ntopng API specified according to OpenAPI into ntopng by using the swagger open-source tool. All you need to do is to update your ntopng (dev) copy and access the embedded REST API …
Cybersecurity

OT, ICS, SCADA: IEC 60870-5-104 in ntopng
What is OT, ICS, SCADA ? Operational Technology (OT) refers to computing systems that are used to manage industrial operations or process operations, like water treatment, electrical power distribution or wrapping a chocolate in foil. ntopng supports some Industrial control systems (ICS) protocol often managed via a Supervisory Control and Data Acquisition (SCADA) systems. Via nDPI it can detect protocols such as Modbus, IEC 60780 or BACnet. In addition to this, ntopng has extensive detection and monitor capabilitiesfor some protocols OT protocols/ ntopng “Generic” Monitoring ntopng is a monitoring tool …
ntop

How to Enable Smart Recording in ntopng (and n2disk)
Recently, we have introduced Smart Recording in n2disk to combine Cybersecurity with Packet-to-Disk. In this previous post (and in the documentation) we described the idea behind it and described how to enable it in a few simple steps.  For those of you who prefer a video resource, and want to learn more about the technology and how to get the most out of it,  here’s the step-by-step video tutorial. Enjoy!       …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe