PF_RING

How PF_RING is Used to Fight Internet Censorship: Refraction Networking
Internet censorship is a global phenomenon (see Figure 1) that aims to throttle or entirely block access to certain Internet resources. National or regional governments impose Internet censorship by using sophisticated networking appliances—strategically placed at the edge of their networks at various Internet inter-connection points—capable of inspecting and discarding network packets destined to sites with restricted content. Users that try to evade censorship have traditionally relied on techniques based on “domain fronting” and VPNs. However, these censorship circumvention tools are increasingly becoming harder to deploy and do not offer strong …
Announce

ntop Conference 2022: Call for Speakers
This is to announce the dates of the ntop conference 2022 that will take place in Milan at UniBocconi: June 23rd conference, 24th training. We are currently looking for speakers as we want to hear your voice. Topics include (but are not limited to): Cybersecurity IoT monitoring Integration of Kibana/Grafana/CheckMK/Nagios with ntop tools Attacks and DDoS Sharing of experience monitoring networks using ntop tools Encrypted traffic analysis Deep Packet Inspection All details are available at this page. …
ntop

ntop Professional Training: May 2022
This is to announce that the next ntop professional training will take place in May 2022. All those who are using ntop tools for business are invited to attend this session. The idea is to divide the training in 5 session of 90 minutes each, so that you can attend the training without having to leave your daily activities. At this page can read more about training content, costs, and registration information Make sure to join it ! …
ntopng

How We Simplified Data Search in ntopng
ntopng users are familiar with the search box present at the top of each page. It was originally designed to find hosts and jump to their details page. Over the years we have added a lot of new information in ntopng, and limiting its scope only to hosts was not a good idea. The image below is how we have improved it. In the new search we do not limit our scope to hosts but to everything inside ntopng, as a a mini embedded search engine. The first column shows …
ntopng

Dispatching Alerts: How to Master Notifications in ntopng
Alerts in ntopng are the result of traffic analysis based on checks. Checks detect that specific indicators on traffic require attention: for instance a host whose behavioural score has exceeded a given threshold or a flow that is exfiltrating data. Checks process traffic information with respect to a specific Network element, and for this reason they are divided into families (e.g. host, interface, flow, …). Regardless of the family, they can cover a security aspect, or they can monitor the network performance, for this reason they belong to different categories …
Cybersecurity

Incident Analysis: How to Correlate Alerts with Flows and Packets
In incident analysis it is important to provide evidence of the problem  at various level of details: Alerts Alerts are the result of traffic analysis (in ntopng based on checks) that have detected specific indicators in traffic that triggered the alert. For instance a host whose behavioural score has exceeded a given threshold or a flow that has is exfiltrating data. Flows Are the result of aggregation of packets belonging to the same connection and are used to compute alerts. Packets This is the most granular data that contains evidence …
ntopng

Using ntopng with Checkmk: A Tutorial
Today we’ll discuss the ntopng integration with Checkmk, a popular open source infrastructure monitoring tool to which ntopng adds traffic visibility. If IT infrastructure monitoring and network usage monitoring would see each other on Tinder, they would both for sure swipe right and match. Bringing the big picture perspective of IT infrastructure monitoring together with the in-depth information from network usage monitoring is thus a logical step. That’s why ntop and tribe29, the developers of the IT monitoring solution Checkmk partnered and jointly built a seamless integration of both tools. …
nDPI

You’re invited at FOSDEM 2022 (5 and 6 February) in the ntop stand
As most of our users know, every year we were used to meet the world of open source at FOSDEM in Brussels. Due to pandemic, this yearly event has been moved online so we invite you to attend it wherever you are. You can find more info at this page, but in summary we have two main events On Saturday we plan to show the latest tools we have developed, including ntopng 5.2 that we have just released. The idea is to highlight the main tool features, and discuss about …
ntop

Welcome to ntopng 5.2: Historical Data Analysis, Better Performance and Alerting
Initially designed as a maintenance release, 5.2 brings many improvements in its processing engine with over 3’000 code commits. The main goal is to enhance application scalability by optimising memory and CPU usage, while introducing a new persistency layer based on ClickHouse that has replaced nIndex a home-grown high-performance indexing system that we introduced years ago. This layer enables ntopng 5.2 to store billion of flow records and alerts with limited disk space and sub-second response time by providing full visibility in terms of packets, flows and alerts. In essence …
ntop

Introducing nDPI 4.2: More Protocols and Robustness with -80% Memory
This is to announce the availability of nDPI 4.2 stable that brings several improvements and a reduced per-flow memory footprint (about -80% with respect to 4.0). We have continued to improve the DPI engine adding richer protocol metadata, as well as adding support for many platforms. The continuous integration toolchain along with fuzzy-testing allowed us to improve the overall library robustness and reliability which is a key feature when analyzing traffic, in particular for cybersecurity. In our vision, nDPI should be a traffic analysis layer sitting on top of packet …
ntopng

ntopng and ClickHouse: Lessons Learnt at California Institute of Technology
Caltech has been experimenting with ntopng on our network for slightly over a year now.  We send a decent amount of traffic to ntopng, bursting up to 20Gbps, utilising Cento to read the wire and forward the data to ntopng via PF_RING ZC.  This configuration has been working pretty well, though we were encountering issues once we reached about 16 – 20 days of data retention, where ntopng would begin to drop data points from that point forward, and I noticed InfluxDB would utilize 60% or more of available memory, …
ntop

Historical Traffic Analysis at Scale: Using ClickHouse with ntopng
Last year we have announced the integration of ClickHouse, an open source high-speed database, with nProbe for high-speed flow collection and storage. Years before we have created nIndex, a columnar data indexing system that we have integrated in ntopng, but that was just an index and not a “real” database. We have selected ClickHouse for a few reasons: It is open source and developed by a vibrant community. It is very efficient in both speed and size, that were the main features for which we created nIndex. This is very …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe