ntopng

How we have Decreased ntopng Memory Usage by more than 60%
In this blog post we want to shave our experience squeezing ntopng memory usage to fit into small OT monitoring devices manufactured by our partner Endian. Just to give you an idea of the work we did look at these two images taken on the same network at the same time of the day, before and after our work. As you can see we managed to squeeze the memory from 4 GB to 1.3 GB. Below we describe how we did it. The challenge was to reduce memory usage while …
nProbe

HowTo Analyse NetFlow/IPFIX/sFlow pcap Traces
Dumping sFlow/NetFlow/IPFIX flows in pcap format can be very useful for troubleshooting or for creating a compact traffic dump. For instance you can dump flow traffic with n2disk (wireshark, or tcpdump) and store them in pcap format, and eventually share them with a shared disk or sent via email. Flows are usually analysed live with nProbe/ntopng but how can you analyse them when saved in pcap format and not captured from the wire? The nProbe package includes a companion tool that allows flows to be extracted from a pcap file …
Cybersecurity

ipt_geofence: Protecting Networks using Geofencing, Blocklists and Service Analysis
Last week the ntop team has organised the network devroom at FOSDEM 2024, that took place in Brussels on Feb 2-3. During the devroom we have presented one tool named ipt_geofence that we have created for protecting our network infrastructure and generate blacklists that can be used with ntop tools (this task is still ongoing). ipt_geofence, an open-source tool for Linux and FreeBSD that combines in one tool IP geofencing, service (e.g. SSH, Web and mail) analysis, and blocklists. It allows malicious hosts to be blocked and hence protect services …
ntopng

Introducing ntopng Customised Reports
In ntopng 6.0 Dashboard and Traffic Reports have been completely redesigned and rewritten from scratch with a new, flexible engine which is template-based. In a previous webinar we demonstrated how cute and powerful the new engine is, with the ability to automatically generate periodic reports, and with the promise of releasing a graphical editor for customising it, and let everyone to create its own traffic view on both historical and live traffic data. The graphical editor has been implemented and it is available in ntopng 6.1 (and later versions). In this …
News

HowTo Monitor SNMP Interfaces Utilisation and Congestion Rate
Recently, we added the ability in ntopng to monitor link utilisation using NetFlow/IPFIX. In this post, we want to show you how we further improved those functionalities by leveraging SNMP to monitor the status of many devices (interfaces) simply. SNMP is a well-known protocol used for monitoring network devices, and ntopng uses it to poll and gather information from them. ntopng computes the interface usage by using a simple proportion between the traffic metered via SNMP and the interface speed. The interface speed is read by default from SNMP, but it can …
nProbe

How Sampling and Throughput Calculation Works: NetFlow/IPFIX vs sFlow vs Packets
ntop tools are able to collect various type of flows NetFlow/IPFIX (including dialects such as J-Flow, NetStream) and sFlow/NetFlowLite, this in addition to packet capture/processing. We have decided to seamlessly handle all these formats so that the user does not have to know the inner details of them. so what you do is the usual pipeline where nProbe collects flow from devices (i.e. router or switch) or turns packets into flows. In both cases nProbe will deliver this information to ntopng by enriching the exported flows with additional data (e.g. …
ntop

Using ntop in Education: South Panola School District
ntop tools are heavily used in education and we’re glad to share a gust post that described the lessons learnt deploying our tools in a a public school district of Mississippi. Enjoy ! South Panola School District’s (SPSD) network continues to evolve to better serve the needs of its students and staff. Upon employment at SPSD, the district had less than 1gbps to the internet and now boasts 3gpbs. With more and more traffic flowing through our network, SPSD has a need to better monitor the traffic to determine more …
ntop

Short 1-2Q24 Roadmap: ntop Cloud, Towards 200 Gbit, Cybersecurity, Low-end nBox
Happy new year everyone! Thos who followed our November webinar know already that we’re working at new features and improvements in our tools. Below you can find a short list of features we plan to implement by the end of spring: ntop cloud. This is the major activity where we’re involved. As already said, for the time being we do not plan to create a SaaS solution (yet) but to create a communication mechanism that allow users to interact with their instances regardless of how they have been deployed. In …
ntop

HowTo Monitor Network Interface Usage with NetFlow/IPFIX
SNMP is the de-facto protocol for monitoring network devices. Using it, it is possible to monitor “how much” a link is used. What is missing is “how” a link is used. Namely if my Internet link is full, what is the device, protocol, application that is using it? ntopng was created to answer this question and see in realtime what happens on a network interface. In this blog post we will show you how to combine network interface usage monitoring with traffic analysis. Flow-based protocols such as sFlow and NetFlow/IPFIX …
ntop

Securing ClickHouse and MySQL Flow Storage
ntopng stores flows data in various databases including MySQL, Elastic and ClickHouse that is the database storage that we have selected as it outpaces the others in terms of speed and reduced disk space. ClickHouse is a columnar database and while it is very fast during data access, it is optimised for batch data insertion. This means that ntopng imports flow data as follows: High cardinality data such as flows are saved in a temporary file and imported every minute using clickhouse-client. The default TCP communication port is 9000. Low-cardinality …
cento

HowTo Build a 100 Gbit NetFlow Sensor Using nProbe Cento
When it comes to monitor a distributed network, to get a picture of the Network traffic flowing through the uplinks or on critical Network segments, NetFlow like technologies are usually the answer. nProbe Pro/Enterprise and nProbe Cento are software probes that can be used to build versatile sensors able to export flow information in many different formats, including NetFlow v5/v9/IPFIX, Kafka, Elasticsearch, ClickHouse, MySQL, CSV files, etc. All this at very high speed. nProbe Pro/Enterprise has been designed for low/mid rate (1/10 Gbps) while nProbe Cento has been designed to …
nDPI

nDPI: Internals and Frequent Questions
All ntop tools are based on nDPI but not every use is familiar with nDPI internals. We often receive questions about it, and it’s time to answer frequent questions. Q: How nDPI implements protocol detection? A: nDPI includes a list of protocol dissectors (356 as of today) that are able to dissect protocols such as WhatsApp or TLS. As soon as a new flow is submitted to nDPI, the library applies in sequence dissectors that can potentially match the protocols (i.e. telnet is a TCP-based protocol and it will not …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe