ntopng

What’s New in ntopng: Alert Severities

Hello everybody! We are going to use this new blog-post series to explain ntopng's new features and graphic changes; let us know your feedback! Today we are going to talk about Alert Severities. In ntopng, Alert Severities are really important because they are used to understand how severe a problem is. Unfortunately we noticed that there are too many alerts with high scores and high severities, confusing ntopng users about which problem is critical and which is not, independently of the network. For this reason we decided to …
ntop

ntop Professional Training: November 2022

ntop tools are continuously evolving and getting extended in order to take into account new requirements. Every new release adds many new features that need to be mastered. In addition to this, new users demand professional training to quickly learn our tools and be productive in limited time. For this reason ntop offers professional training in addition to periodic webinars, video tutorials, and community support. This is to announce that the next ntop Professional Training will take place in November 2022. This ntop training mainly focuses on ntopng, new features, …
Network Infrastructure

Global companies are adopting AI technologies to combat cyber threats

In an increasingly interconnected world, cybersecurity has become one of the most critical aspects of modern digital life. Businesses, individuals, and governments rely on secure digital environments to conduct daily operations, communicate sensitive information, and safeguard critical infrastructure. As cyber threats evolve, the need for robust cybersecurity measures becomes paramount. For professionals in the field, becoming a trusted expert means not only providing technical solutions but also building confidence in those who rely on their services. The digital age has revolutionized the way we live and work, but it has …
Cybersecurity

Malware Traffic Analysis in ntopng

ntop users have started to use our tools for malware analysis because, contrary to packet sniffers or text-based security tools, ntopng comes with a web interface that simplifies the analysis. For this reason we have recently: added the ability to upload a pcap file to ntopng using the web GUI, so that you can analyze traffic traces without the need to transfer them to the ntopng host using SCP or similar protocols; enhanced the list of nDPI flow risks (47 as of today) with the ability to detect webshells and …
Cybersecurity

Using Blacklists to Catch Malware Communications Using ntopng

A category list is a control mechanism used to label traffic according to a category. In nDPI, the traffic classification engine on top of which ntop applications are built, there are various categories including (but not limited to): mining, malware, advertisement, file sharing, video streaming. A blacklist is a list of IP addresses or symbolic domain names that is used to label malicious traffic. These lists are often computed using honeypots, which in essence are hosts or services deployed on a network (usually the Internet) that are easy to break into …
ntop

Traffic Monitoring and Enforcement for ISPs and Service Providers

Last week we talked at ITNOG6, where we presented a report on the lessons learnt while monitoring ISP and service provider networks. This work is the result of one year of activities carried out with some of our users who provided feedback and new ideas. In summary we concluded that cybersecurity is a hot topic for these users and that DDoS mitigation is not enough for keeping a network healthy: they need tools able to both collect flows and packets and implement ETA (Encrypted Traffic Analysis) as …
ntopng

HowTo Use ntopng for Pcap Analysis

Many times traffic analysts receive pcap files containing some traffic to analyse. The usual steps for analysing the pcap file with ntopng have for a long time been:
1. Save the pcap file to disk and upload it to the host where ntopng is running.
2. Stop the ntopng service and restart it from the shell as ‘ntopng -i uploaded_file.pcap’.
3. Once the analysis is over, stop ntopng, delete the uploaded pcap, and restart ntopng as a service.
These steps are too complex for many people, and do not ease the adoption of ntopng …
Announce

Introducing nTap: a Virtual Tap for Monitoring and Cybersecurity (including Wireshark, Suricata, Zeek, OpenvSwitch)

This is to announce a new product named nTap that implements a software tap, to be used in physical and virtual/containerised environments. nTap allows you to capture and deliver packets using a secure and encrypted communication channel from remote hosts to a collector host where traffic is received and injected on a virtual interface. In essence nTap allows you to create a virtual interface from which you can receive packets originating from remote hosts. Thanks to this design, all …
nProbe

HowTo Implement Flow Relay, Replication and Fanout with nProbe

Sometimes flow (sFlow/NetFlow/IPFIX) collection can become a complicated activity when you need to:
- Collect, on your private network, flows originated by devices with a public IP.
- Migrate your infrastructure to nProbe/ntopng while sending flows to both nProbe and your legacy collector.
Implementing all this is often an expensive exercise with non-ntop solutions; therefore, in order to ease migration to ntop tools, we made available in the nProbe package a couple of tools that can easily implement typical activities such as flow relay, replication and fanout. Below you can learn how …
ntop

HowTo Select the Right Network Adapter for Traffic Monitoring and Cybersecurity

Since the introduction of PF_RING ZC drivers for Mellanox/NVIDIA, and the new family of Intel E810 adapters, the activity of selecting the best, cost-effective adapter, based on the use case and the performance we need to achieve, has become more complicated. Let’s try to shed some light.
Intel Adapters
Most commodity adapters, including Intel and Mellanox, are based on ASIC chipsets, which are cheap and provide simple RX/TX operations, with no (or limited) programmability. Those adapters have been designed for general purpose connectivity and are not really optimized for moving …
Cybersecurity

What is CyberScore and How it Works: a Technical Overview

ntop users are familiar with concepts such as flow risk and cyberscore. This week we presented a conference paper [slides] at the 2022 IEEE International Conference on Cyber Security and Resilience, where we describe in detail what cyberscore is, how it works, and how we have validated it in real life. In essence this is the explanation of the ideas that are powering our tools, validated by academia and not just by our users. This is in addition to what ntop users are doing every day when using ntop …
ntop

Introduced RHEL/RockyLinux 9 support (and new GPG Package Signing Keys)

This is to announce the availability of ntop packages for RedHat EL9 / RockyLinux 9 at packages.ntop.org. This has forced us to change many things in the way we build packages due to the deprecation of the SHA-1 algorithm. Because of this we had to modify the GPG signing keys used to sign the ntop packages for all platforms (and thus not limited to RHEL/RockyLinux 9). This has the side effect that on installed systems you need to reinstall the apt-ntop/apt-ntop-stable package (Ubuntu/Debian) or run yum update (CentOS/RHEL/RockyLinux). For all details we …