nProbe

How To Analyse Asymmetric VLAN Traffic
A VLAN is a method for partitioning a layer two broadcast domain creating virtual networks of homogeneous systems hence promoting network segmentation. A ethernet port with no VLAN tag is called access port, whereas a switch port with VLAN-tagged packets is called tagged or trunk port. End systems are usually connected to access ports meaning that they deal with untagged packets that are then marked by the switch according to the VLAN port configuration. For this reason a end system is not aware of the VLAN id that is used …
nProbe

How Flow-Based Traffic Classification Works
Many ntop products such as ntopng, nProbe, and PF_RING FT just to name a few are based on network flows. However not all our users know in detail what is a network flow, and how it works in practice. This blog post describes what they are and how they work in practice. What is a network flow? A network flow is a set of packets with common properties. They often are identified by a 5-tuple key meaning that all packets of a given flow have the same source and destination …
ntopng

Going Beyond 5-Tuple in Network Flow Analysis
Traditionally flow-based tools are based on the 5-tuple attributes (source and destination IP, source and destination port and the protocol field). Often they are complemented with additional attributes such as VLAN or Tunnel Id in order to avoid mixing in the same flow packets that belong to different communications.  The above picture shows the 5-tuple key in the live flows window. Looking at flows using the 5-tuple makes sense if we want to understand what it is happening at the individual flow level, but it makes difficult to understand the …
ntopng

Announcing ntop Professional Training: May 2023
ntop tools range from packet capture, traffic analysis and processing, and sometimes it is not easy to keep up on product updates as well master all the tools. This has been the driving force for organising ntop professional training: . This is to announce that in May we have scheduled the next ntop Professional Training session. It will take place online (Microsoft Teams) on 2nd, 4th, 9th, 11th 16th, 23rd of May, 2023 at 3.00 PM CET (9.00 AM EDT). Training will be held in English language and each session …
ntopng

How to Keep your Infrastructure Healthy with ntopng
Almost 3 years ago we introduced Active Monitoring support in ntopng. This allows you to monitor the infrastructure and make sure that all systems are operational. In fact ntopng can continuously monitor hosts in your network by periodically running different active measurements including: ICMP, which measures the RTT (Round Trip Time). Continuous ICMP, which evaluates network reachability and service availability. Speedtest, which estimates the Internet bandwidth and latency contacting a speedtest server. HTTP(S), which checks the HTTP/HTTPS availability of web servers. Throughout, which tests the throughput contacting an HTTP server. As a …
ntop

Hardware Traffic Duplication on Intel Adapters Using PF_RING
Those of you who are familiar with kernel-bypass drivers like PF_RING ZC know that it is not possible to run multiple applications on top of the same Network interface and capture the same traffic twice. This is the case of Intel and most FPGA adapters. In fact, since the application takes full control of the adapter and configures it to copy packets directly to the application’s memory in hardware, access to the device must be exclusive. This unless the adapter natively support multiple consumers: this is the case of Mellanox/NVIDIA  and …
ntop

The Brand New nBox UI is Out
As announced during the last ntop Webinar, the new nBox UI has been released! What is nBox UI? nBox UI is a web-based User Interface that simplifies the ntop’s software configurations (ntopng, nProbe, nProbe Cento, n2disk, …), assisting with complex things such as creating configuration files and managing the services and let you focus on playing with the applications. nBox UI also helps you manage the box, with the ability to configure the box connectivity, users, etc. nBox UI is in practice what we use to build our nBox Recorder …
ntopng

ntop Webinar: Introduction to ntopng 5.6 and the New nBox UI
This is to invite you to attend a webinar about ntopng 5.6. This webinar will walk you through the innovations introduced with ntopng 5.6 stable release that we introduced at the end of January. You can learn the new features and get acquainted with the changes that have been introduced in the web interface. Finally, we will introduce a completely new release of the nBox GUI that you can use to manage installations of ntop applications. Below you can find the video of the webinar.   Enjoy ! …
ntopng

Introducing ntopng 5.6: New Reports and Cybersecurity Indicators, Kafka, Lua/Python API, Flow Collection Clustering
This is to announce the availability of ntopng 5.6 stable release that brings several additions and improvements: We have started to introduce responsiveness in ntopng GUI by means of VueJS. All timeseries and historical pages are now rewritten to take advantage of modern web technologies. You can now compare timeseries across hosts, devices, or anything that is a timeseries created by ntopng. In addition to the traditional/efficient C++ alerting subsystems, we have introduced a Lua API for developing new checks in seconds. This is a simple way to quickly prototype …
ntop

Introducing PF_RING 8.4: Zero-Copy Promisc Capture on Virtual Functions
This is to announce a new PF_RING release 8.4 ! This stable release adds zero-copy support for a new range of (virtual) adapters from Intel: the iavf-zc driver can be used to capture traffic from i40e (X710/XL710) and ice (E810) Virtual Functions. This new driver paves the way for new packet capture architectures as it enables high-speed promiscuous capture on Virtual Functions by leveraging on the SR-IOV trust mode available on Intel X710/XL710 adapters. It is now possible for instance to capture all traffic hitting the physical interface from multiple …
nDPI

Welcome to nDPI 4.6: code fuzzing, new protocol and flow risks
This is to announce the release of nDPI 4.6 that introduces various improvements with respect to the previous release. Many things changed in this release in terms of number of protocols and robustness thanks to code fuzzing introduced in this release. nDPI now natively supports 332 protocols and 50 flow risks, this in addition to protocols that can be configured using the protocol file. Protocol metadata extraction has been improved in various protocols as well DGA detection in host names. Below you can find the complete changelog. Enjoy !   …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe