ntop

Welcome to ntopng 5.4: Enhanced Traffic Analysis and Cybersecurity
The previous stable release introduced a new persistency layer based on ClickHouse, paving the way for a more flexible yet fast historical data analysis, with its ability to store billion of records (alerts and flows) with limited disk space and very low query time. This new 5.4 release introduces many enhancements in the historical data analysis with more comprehensive information and additional analysis pages to provide clear insights about Network issues. In order to further easy the analysis, the search bar has also been reworked, to let you find what you are …
nProbe

Welcome to nProbe 10: Agent-mode, Timeseries, AWS/Google Cloud, Custom Flow Collection
nProbe 1.0 was introduced in 2002. After 20 years we are glad to introduce nProbe 10 that introduces several new features and improvements: Agent mode for process monitoring on Linux (eBPF) and Windows Implemented timeseries support for nProbe self-monitoring and sFlow-based counter timeseries Conversion of Amazon AWS VPC files into flows Export of flows towards Google Pub/Sub Improved collection of proprietary flows, including Nokia and Calix Support for collecting flows from syslog Agent Mode When nProbe in deployed on a host, it is possible to use the new –agent-mode command …
Cybersecurity

Introducing nDPI 4.4: Many New Protocols, Improvements and Cybersecurity Features
This is to introduce nDPI 4.4 that includes the development activities of the last six months. As with previous releases we are improving protocol support, automatic testing to harden the code for critical environments, and introducing new cybersecurity features for detecting risks and extracting metadata from protocols. Our idea is to make nDPI more user friendly, going beyond protocol detection, and adding the ability to interpret traffic and tell what is wrong and why. You can read the full changelog, or find below an excerpt of the most relevant changes. …
ntopng

HowTo Visualise ntopng Alerts in Kibana
ntopng can export both flows and alerts in Elastic according to the Elastic Common Schema (ECS) format. You can dump flows (not alerts) in Elastic starting ntopng with -F “es;<mapping type>;<idx name>;<es URL>;<http auth>”. For instance you can do ntopng -F "es;ntopng;ntopng-%%Y.%%m.%%d;http://localhost:9200/_bulk;" We do not advise to use Elastic as flow collector, as when the record cardinality increases the database slows down and you are forced to use an Elastic cluster even on mid-size networks. We definitively advise you to enable -F clickhouse instead that is able to handle billion …
PF_RING

Introducing PF_RING 8.2: New Mellanox Support
This is to announce a new PF_RING release 8.2! This new stable version adds support for a new family of ASIC-based adapters from Mellanox/NVIDIA, including ConnectX-5 and ConnectX-6 (please check the User’s Guide for the exact list of supported firmwares). This new driver/adapter combination delivers high performance (in our tests nProbe Cento was able to scale up to 100 Gbps with worst case traffic using a few CPU cores) and provides high flexibility, with support for hardware packet filtering, traffic duplication, load-balancing and nanosecond hardware timestamping as described in a previous post. This …
nProbe

HowTo Use nProbe To Create Traffic Timeseries in InfluxDB
One of the latest additions in nProbe, is the ability to create network traffic timeseries that will be stored in the popular InfluxDB database. This features allows nProbe users to create timeseries that can be depicted and integrated in Grafana dashboard for instance. Timeseries are dumped by means of two new nProbe command line options: --influxdb-dump-dir <dir> This allows timeseries to be stored in Line protocol format into the specified directory. A new file is created every minute. --influxdb-exec-cmd <cmd> This option allows to process an timeseries file as soon …
News

ntopConf2022: News, Announcements and Future Plans
Last week the ntopConf 2022 was held in presence in Milan at Bocconi University and about 100 people attended it. Presentation material including slides and videos are available at the conference page so even if you have missed this event you can see what happened and presented. On a nutshell: This July we will release new software versions including a major nProbe 10 release. We are modifying our tools to accommodate the SaaS model as some of our users provide services and we want to simplify their lives. We are …
nDPI

How to Configure Flow Risk Exclusions in nDPI and ntopng
Flow risks are the mechanism nDPI implements for detecting issues in network traffic whose theoretical design is documented in this paper Using Deep Packet Inspection in CyberTraffic Analysis we have written last year. While we are reworking the definition of risk exceptions in ntopng to make them fully configurable with a matter of clicks, you can easily configure risk exceptions by adding them to a protos.txt file. Such file can be passed to ntopng on the configuration file by adding a line such as --ndpi-protocols=/etc/ntopng/protos.txt and creating the /etc/ntopng/protos.txt file. …
ntop

Best Practices for Using ntop Tools on Containers
Many people use software containers to simplify application deployment. As you know ntop tools are also available on docker hub for quick deployment using Docker or other container management tools such as Portainer or Kubernetes. When using containers, there are a few things to keep in mind: Service Persistency ntopng relies on third party services such as Redis (required) and InfluxDB (optional) to operate. In order not to loose information at container restart, you need to persistently store data or configure ntop tools to rely on such services on an …
Cybersecurity

How ntopng monitors IEC 60870-5-104 traffic
Busy times for OT analysts. Last month the number of known OT (operational technology) malware increased from five to seven. First malware discovered is Industroyer2 which was caught in the Ukraine. As nowadays popular, security companies name the malware they discover. That is why for the second malware two names were assigned, Incontroller or Pipedream. This malware was discovered before it was deployed. Industroyer2 [1] is an evolution of Industroyer1, first seen in 2014. Both variants are targeting the electrical energy sector, specifically in Ukraine. As the malware is using …
ntop

Registration for ntopConf 2022 (June 23-24) is now Open
This year the ntop community will meet in Milan, Italy on June 23-24. Conference will take place the first day, whereas the second day will be used for training. We’ll be talking about network traffic monitoring, cybersecurity, and discuss future roadmap items. It is a good chance to get together after pandemic restrictions, as well for us to meet our community. You can read more about this event and read the program at this page where you can also find the registration link. Note: this is a free (no cost) …
nProbe

HowTo Use TLS for Securing Flow Export/Collection
One of the main limitations of flow-based protocols such as IPFIX and NetFlow is that the traffic is sent in cleartext. This means that it can be observed in transit and that it is pretty simple to send fake flow packets that can then pollute the collected information. As of today, unencrypted protocols need to be avoided and thus some workarounds to this problem need to be identified. Often people use VPNs to export flows, but this is not a simple setup with cloud services or on complex networks, so …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe