Webinar

ntop Webinar on Dec 14th: Community Meeting and Future Plans
Many things have happened this year: new products, several improvements to existing tools, and a lot of new ideas that we want to discuss with our community. For this reason we have organised a webinar on December 14th at 16:00 CET / 10:00 EST for meeting our community, show what we’re doing and plan where we wanna go next year. Below you can find the webinar recording and the presentation slides. Title Speaker Introduction ntop team nDPId Toni Uhlig ntopng in 2022 Matteo Biscosi What’s new with PF_RING and nBox …
ntopng

Introducing Lua-based Host and Flow Behavioural Checks
With ntopng version 5 we have migrated performance sensitive sections of the ntopng engine from Lua to C++. This has enabled ntopng to scale up nicely while reducing resource needs such as CPU and memory. The drawback is that writing behavioural checks in C++ is not something that everyone can do. For this reason we are introducing two (one for Flows and the other for Hosts) behavioural checks that enable the check logic to be written in Lua. In order not to jeopardise the ntopng v5 performance, these checks are …
Cybersecurity

What’s New in ntopng: Periodic Activities (a.k.a beaconing) !
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Periodicity Map. You are probably asking yourself what’s so bad about periodic activities, right? First of all, let’s take a look at the Periodicity Map and what are the contained information. What we can see here is: The last seen – last time ntopng has seen a periodic activity (flow) The quintuplet …
nProbe

HowTo Deploy nProbe and ntopng on the Cloud
Some of our customers deploy ntopng on the cloud in order to collect flows coming from private nProbe instances often deployed on private networks or clouds. Thanks to ZMQ/Kafka communications, data sent by nProbe to ntopng travel encrypted; this is contrary to many other cloud-based collectors that instead receive clear-text IPFIX/NetFlow flows sent by exporters devices. In this setup ntopng cannot poll the routers as they are on a private networks thus unreachable from ntopng. This means that ntopng cannot poll router interfaces via SNMP and thus to report symbolic …
ntop

What’s New in ntopng: Keep an Eye on Lateral Movements
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Service Map. As you probably know, one of the most troublesome problems in a network, when it comes to security threats detection, is discovering Lateral Movements. Lateral Movements can be defined as network activities that an Attacker does when he gain access to a device in the victim’s Local Network, and starts …
ntopng

Deploying ntopng at Scale: Jessa Ziekenhuis
This is a report from one of our users from the field, who decided to use ntopng to monitor a large network. Many thanks to Bjorn for sharing this information with our community.   Our network Jessa Ziekenhuis is one of the biggest, non-academic, hospitals in Belgium. Spread over 4 campuses, we manage 3 data centres and about 90 data racks. Combined, this leads us to over 6,000 connected (and active) hosts ranging from laptops, desktops, MRIs, ultrasounds,… Challenges With hundreds of different specialised (medical) applications, (medical) devices, it’s hard …
ntopng

What’s New in ntopng: Host Traffic Analysis
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about Host Traffic Analysis. When analyzing traffic generated by a host, one of the main metrics we are interested in protocol traffic. ntopng keeps many traffic counters for traffic a host generates/receives, including traffic per protocol (e.g. TCP), application protocol (e.g TLS), breed (e.g. Unsafe Traffic), etc. In order to enhance those information, we …
nProbe

Howto use Kafka (instead of ZMQ) For Reliable Flow Collection and IPC
Historically, we have used ZMQ for interconnecting nProbe to ntopng, as this is a fast and simple messaging system. However one of they key advantage of ZMQ of being broker-less is sometime a problem. In case of maintenance, traffic peaks, or unreliable communications, the ZMQ communication between nProbe and ntopng will drop flows with the result that some data will never reach ntopng. As Apache Kafka is the de-facto standard for messaging communications, we have decided to extend its support from flow egress in nProbe / nProbe Cento, to communication …
ntopng

What’s New in ntopng: Alert Severities
Hello everybody ! We are going to use this new blog-post serie to explain ntopng new features and graphic changes; let we know your feedback! Today we are going to talk about Alert Severities. In ntopng, Alert Severities, are really important because they are used to understand how severe a problem is. Unfortunately we noticed that there are too many alerts with high score and high severities, confusing ntopng users on which is a critical problem and which is not, independently from the network. For this reason we decided to …
ntop

ntop Professional Training: November 2022
ntop tools are continuously evolving and getting extended in order to take into account new requirements. Every new release adds many new features that needs to be mastered. In addition to this, new users demand professional training to quickly learn our tools and be productive in limited time. For this reason ntop offers professional training in addition to periodic webinars, video tutorials, and community support. This is to announce that the next ntop Professional Training will take place in November 2022. This ntop training mainly focus on ntopng, new features, …
Network Infrastructure

Global companies are adopting AI technologies to combat cyber threats
In an increasingly interconnected world, cybersecurity has become one of the most critical aspects of modern digital life. Businesses, individuals, and governments rely on secure digital environments to conduct daily operations, communicate sensitive information, and safeguard critical infrastructure. As cyber threats evolve, the need for robust cybersecurity measures becomes paramount. For professionals in the field, becoming a trusted expert means not only providing technical solutions but also building confidence in those who rely on their services. The digital age has revolutionized the way we live and work, but it has …
Cybersecurity

Malware Traffic Analysis in ntopng
ntop users have started to use our tools for malware analysis as contrary to packet sniffers or text-based security tools, ntopng comes with a web interface that simplifies the analysis. For this reason we have recently: Added the ability to upload a pcap file to ntopng using the web GUI, so that you can analyze traffic traces without the need to transfer them to the ntopng host using SCP or similar protocols. Enhanced the list of nDPI flow risks (47 as of today) with the ability to detect webshells and …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe