nProbe

HowTo Implement Flow Relay, Replication and Fanout with nProbe
Sometimes flow (sFlow/NetFlow/IPFIX) collection can become a complicated activity when you need to: Collect, on your private network, flows originated by devices with a public IP. Migrate your infrastructure to nProbe/ntopng while sending flows to both nProbe and your legacy collector. Implementing all this is often an expensive exercise with non-ntop solutions, therefore in order to ease migration to ntop tools, we made available in the nProbe package a couple of tools that can implement typical activities such as flow relay, replication and fanout easily. Below you can learn how …
ntop

HowTo Select the Right Network Adapter for Traffic Monitoring and Cybersecurity
Since the introduction of PF_RING ZC drivers for Mellanox/NVIDIA, and the new family of Intel E810 adapters, the activity of selecting the best, cost-effective adapter, based on the use case and the performance we need to achieve, has become more complicated. Let’s try to shed some light. Intel Adapters Most commodity adapters, including Intel and Mellanox, are based on ASIC chipsets, which are cheap and provide simple RX/TX operations, with no (or limited) programmability. Those adapters have been designed for general purpose connectivity and are not really optimized for moving …
Cybersecurity

What is CyberScore and How it Works: a Technical Overview
ntop users as familiar with concepts such as flow risk and cyberscore. This week we have presented a conference paper [slides] at 2022 IEEE International Conference on Cyber Security and Resilience where we describe in detail what is cyberscore, how it works, and how we have validated it in real life. In essence this is the explanation of the idea that are powering our tools, validated by the academia and not just by our users. This is in addition to what ntop users are doing every day when using ntop …
ntop

Introduced RHEL/RockyLinux 9 support (and new GPG Package Signing Keys)
This is to announce the availability of ntop packages for RedHat EL9 / RockyLinux 9 at packages.ntop.org. This has forced us to change many things in the way we build packages due to the deprecation of the SHA-1 algorithm. Because of this we had to modify the GPG signing keys used to sign the ntop packages for all platforms (and thus not limited to RHEL/RockyLinux 9). This has the side effect that for installed system, you need to reinstall the apt-ntop/apt-ntop-stable (Ubuntu/Debian) or yum update (CentOS/RHEL/RockyLinux). For all details we …
ntop

Welcome to ntopng 5.4: Enhanced Traffic Analysis and Cybersecurity
The previous stable release introduced a new persistency layer based on ClickHouse, paving the way for a more flexible yet fast historical data analysis, with its ability to store billion of records (alerts and flows) with limited disk space and very low query time. This new 5.4 release introduces many enhancements in the historical data analysis with more comprehensive information and additional analysis pages to provide clear insights about Network issues. In order to further easy the analysis, the search bar has also been reworked, to let you find what you are …
nProbe

Welcome to nProbe 10: Agent-mode, Timeseries, AWS/Google Cloud, Custom Flow Collection
nProbe 1.0 was introduced in 2002. After 20 years we are glad to introduce nProbe 10 that introduces several new features and improvements: Agent mode for process monitoring on Linux (eBPF) and Windows Implemented timeseries support for nProbe self-monitoring and sFlow-based counter timeseries Conversion of Amazon AWS VPC files into flows Export of flows towards Google Pub/Sub Improved collection of proprietary flows, including Nokia and Calix Support for collecting flows from syslog Agent Mode When nProbe in deployed on a host, it is possible to use the new –agent-mode command …
Cybersecurity

Introducing nDPI 4.4: Many New Protocols, Improvements and Cybersecurity Features
This is to introduce nDPI 4.4 that includes the development activities of the last six months. As with previous releases we are improving protocol support, automatic testing to harden the code for critical environments, and introducing new cybersecurity features for detecting risks and extracting metadata from protocols. Our idea is to make nDPI more user friendly, going beyond protocol detection, and adding the ability to interpret traffic and tell what is wrong and why. You can read the full changelog, or find below an excerpt of the most relevant changes. …
ntopng

HowTo Visualise ntopng Alerts in Kibana
ntopng can export both flows and alerts in Elastic according to the Elastic Common Schema (ECS) format. You can dump flows (not alerts) in Elastic starting ntopng with -F “es;<mapping type>;<idx name>;<es URL>;<http auth>”. For instance you can do ntopng -F "es;ntopng;ntopng-%%Y.%%m.%%d;http://localhost:9200/_bulk;" We do not advise to use Elastic as flow collector, as when the record cardinality increases the database slows down and you are forced to use an Elastic cluster even on mid-size networks. We definitively advise you to enable -F clickhouse instead that is able to handle billion …
PF_RING

Introducing PF_RING 8.2: New Mellanox Support
This is to announce a new PF_RING release 8.2! This new stable version adds support for a new family of ASIC-based adapters from Mellanox/NVIDIA, including ConnectX-5 and ConnectX-6 (please check the User’s Guide for the exact list of supported firmwares). This new driver/adapter combination delivers high performance (in our tests nProbe Cento was able to scale up to 100 Gbps with worst case traffic using a few CPU cores) and provides high flexibility, with support for hardware packet filtering, traffic duplication, load-balancing and nanosecond hardware timestamping as described in a previous post. This …
nProbe

HowTo Use nProbe To Create Traffic Timeseries in InfluxDB
One of the latest additions in nProbe, is the ability to create network traffic timeseries that will be stored in the popular InfluxDB database. This features allows nProbe users to create timeseries that can be depicted and integrated in Grafana dashboard for instance. Timeseries are dumped by means of two new nProbe command line options: --influxdb-dump-dir <dir> This allows timeseries to be stored in Line protocol format into the specified directory. A new file is created every minute. --influxdb-exec-cmd <cmd> This option allows to process an timeseries file as soon …
News

ntopConf2022: News, Announcements and Future Plans
Last week the ntopConf 2022 was held in presence in Milan at Bocconi University and about 100 people attended it. Presentation material including slides and videos are available at the conference page so even if you have missed this event you can see what happened and presented. On a nutshell: This July we will release new software versions including a major nProbe 10 release. We are modifying our tools to accommodate the SaaS model as some of our users provide services and we want to simplify their lives. We are …
nDPI

How to Configure Flow Risk Exclusions in nDPI and ntopng
Flow risks are the mechanism nDPI implements for detecting issues in network traffic whose theoretical design is documented in this paper Using Deep Packet Inspection in CyberTraffic Analysis we have written last year. While we are reworking the definition of risk exceptions in ntopng to make them fully configurable with a matter of clicks, you can easily configure risk exceptions by adding them to a protos.txt file. Such file can be passed to ntopng on the configuration file by adding a line such as --ndpi-protocols=/etc/ntopng/protos.txt and creating the /etc/ntopng/protos.txt file. …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe