nProbe

nProbe 10.2 is Available: Redesigned Kafka Export, nTap and Google Cloud Support
Today we announce the availability of nProbe 10.2 that features native nTap support for generating flows from remote devices, and redesigned Kafka support for both flow export and communication with ntopng. With this respect, the new –ntopng <URL> command line option will replace in the future –zmq as it allows to both specify if ZMQ or Kafka is used to communicate with ntopng (i.e. “–ntopng zmq://192.168.1.10:1234” is the new syntax that replaces “–zmq tcp://192.168.1.10:1234”). In this release nProbe also supports exports to Google Pub/Sub for implementing a scalable datalake. Finally, …
ntopng

Using Multitenancy in ntopng
Not all ntop users know that ntopng natively implements multitenancy support. Namely you can use ntopng to collect and analyse traffic from multiple users, and show to each user its own traffic, hiding all the rest. All you need to do is very simple Start ntopng and configure it to receive monitored traffic. You can do it via flows or packets. Create ntopng users and for each user specify the traffic restrictions. ntopng will honour all this. Let’s now see this in detail.   Flow and Packet Collection ntopng allows …
ntopng

Rethinking Flow Visualisation in ntopng
For years ntopng has listed flows in a tabular view. Our users are used to it, and over time we have added new features and filtering capabilities. What we have not yet done, is rethink how flows are reported. Reworking the ntopng GUI is something we will tackle in the next major ntopng release, but for the time being we have started with tiny changes that should ease the process of understanding what is happening. For this reason the flow page has been extended with a new analysis menu entry. …
nProbe

Scaling Up: How To Collect, Analyse, and Store Flows at Scale (100 Gbit+)
Most ntop tools such as nProbe cento and n2disk have been designed to run at high speed (today we consider 100 Gbit a high-speed link). ntopng instead has to perform many activities including behavioral traffic analysis that makes it unable to process traffic well above 10 Gbit. In this case you can use nProbe Cento to send ntopng (preprocessed) flows and you can monitor 100 Gbit networks without dropping a single packet. In the above picture ntopng can handle 25k-50k flows/sec per interface (the exact figure depends on the hardware …
ntopng

Using Python (including Jupyter Notebook) with ntopng
Most programmers and network/security administrators are familiar with the Python language. As from time to time we receive requests from our users for creating custom reports, or extracting other type of data (e.g. alerts or timeseries) from ntopng, we have decided to create a Python API for ntopng. Such API allows developers to extract data from ntopng similar to what other Python APIs do (e.g. pyshark for Wireshark). Using this API you can Read host statistics Get the active flows list Query network interface stats Search historical flows Those familiar …
Cybersecurity

HowTo Use Periodic Traffic Analysis in Cybersecurity
Since v5 ntopng has the ability to detect periodic activities, i.e. activities that are repeated periodically at a given pace (note that each activity can have a different frequency, and ntopng is able to detect them). Periodic activities are not bad per se (e.g. an email application fetches new messages every 5 minutes) but it can be a good indicator whenever periodicity is reported in alerts. For instance looking at the alerts below you can see that a client is making periodic requests to the same server Looking at the …
ntop

Short 1Q23 Roadmap
Happy new year ! At ntop we’re working hard even during these to finish new software releases that we plan to release this quarter. In our December 2022 webinar we have previewed our ongoing developments that we plan to complete soon, and that include: First release of cockpit-based totally redesigned nBox GUI that everyone can use to create its own ntop-based monitoring device. Release of nTap stable. Release of improved nProbe that included native nTap support and redesigned Kafka implementation. Vastly improved ntopng release that includes Redesigned timeseries support: you …
nDPI

HowTo Monitor Zoom Performance and Video/Call Quality
Zoom is a popular platform for video communications and team collaboration. As many other cloud services, network administrators need to supervise Zoom network traffic usage. DPI toolkits such as nDPI are useful for identifying Zoom traffic for supervising the network bandwidth used by your Zoom calls. Recently we have took advantage of this research work to improve Zoom protocol dissection in order to Recognise Zoom video, audio, and screen sharing streams (previously they were classified just with a generic Zoom label). In addition to existing metrics such as bandwidth or …
Cybersecurity

What’s New in ntopng: Network Assets
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Asset Map. Have you ever asked yourself, what are the NTP servers in your network? Or, are all active DNS servers? Well, the Asset Map is useful  exactly in this case. The Asset Map is a map we designed to know what exactly is (are) the DNS, NTP,… server(s) active in a …
Webinar

ntop Webinar on Dec 14th: Community Meeting and Future Plans
Many things have happened this year: new products, several improvements to existing tools, and a lot of new ideas that we want to discuss with our community. For this reason we have organised a webinar on December 14th at 16:00 CET / 10:00 EST for meeting our community, show what we’re doing and plan where we wanna go next year. Below you can find the webinar recording and the presentation slides. Title Speaker Introduction ntop team nDPId Toni Uhlig ntopng in 2022 Matteo Biscosi What’s new with PF_RING and nBox …
ntopng

Introducing Lua-based Host and Flow Behavioural Checks
With ntopng version 5 we have migrated performance sensitive sections of the ntopng engine from Lua to C++. This has enabled ntopng to scale up nicely while reducing resource needs such as CPU and memory. The drawback is that writing behavioural checks in C++ is not something that everyone can do. For this reason we are introducing two (one for Flows and the other for Hosts) behavioural checks that enable the check logic to be written in Lua. In order not to jeopardise the ntopng v5 performance, these checks are …
Cybersecurity

What’s New in ntopng: Periodic Activities (a.k.a beaconing) !
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Periodicity Map. You are probably asking yourself what’s so bad about periodic activities, right? First of all, let’s take a look at the Periodicity Map and what are the contained information. What we can see here is: The last seen – last time ntopng has seen a periodic activity (flow) The quintuplet …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe