Webinar

Webinar on Traffic Analysis for Cybersecurity: Current State of the Art and Ongoing Developments
On October 28th at 4 PM CET / 10 AM EST we have organised a webinar on cybersecurity. The idea was to describe in detail what we have implemented so far for tackling cybersecurity events, and what are the future plans and ongoing developments. Topics included nDPI traffic analysis: flow risks and Encrypted Traffic Analysis (ETA). Behavioural traffic analysis. Combining nProbe and ntop with IPS facilities. Beyond nProbe Agent: user and process analysis in monitored flows. For those who have missed the event, here you can find the presentation slides …
tutorials

Introducing ntop Professional Training Service
Many of you are asking professional training, in particular in companies and large installations. Over the years we have produced many software applications that allow you to improve network visibility and block cybersecurity threats. In this over increasing ecosystem, we acknowledge that blog posts and webinars might not be sufficient for everyone. For this reason we have created a professional training service designed for people who want to master ntop products in their daily activities. The idea is to divide the training in 5 session of 90 minutes each, so …
Webinar

October 7th: Webinar on ntopng 5.0. You’re invited !
This is to invite you to the webinar about ntopng 5.0 released this summer. The idea is to walk through the new features and possibilities offered by this version. We hope to see you all ! Webinar Content ntopng was initially designed as a tool for real-time network traffic monitoring, with the release 5.0. we have started its transition from monitoring to an AIOps tool. We wanted to make it more accessible and intelligent, able to analyze network metrics in real-time and collapse tens or even thousands of metrics into …
ntopng

HowTo Monitor Traffic in SMEs and Home Networks: A Primer
In the first part of this series of articles, we focused on monitoring ISPs and MSP traffic. Today we analyse network traffic in SMEs and home networks. The typical network layout of a home or a small business is depicted below.   The ISP provides a router for connecting to the Internet (e.g. xDSL or fibre) that usually also features an embedded access point used by phones, tablets or laptops to connect to the Internet. In order to monitor LAN traffic, the best solution is to replace the current switch …
nProbe

How To Configure Flow and Packet Deduplication in nProbe
Sometimes traffic monitoring requires data deduplication as due to topology or hardware constraints there are some network traffic activities that are monitored by multiple devices, and others that are monitored only by a single device. This means that unless some corrections are configured, traffic measurements are wrong and thus useless. Fortunately, we have implemented some features that allows you to avoid this problem by discarding duplicated traffic before this hits the collector. This is because the collector is overwhelmed by the various activities it has to carry on, so it …
nProbe

HowTo Monitor Customer Traffic in Managed Service Providers and ISPs
ISPs have provided Internet access to customers for years and the only goal was to connect their users to the Internet. Managed Service Providers (MSP) and Managed Security Service Providers (MSSP) deliver network, services and infrastructure on customer premises and have become relatively popular in the past few years. Over time customers started to ask new services, including traffic monitoring, security (here MSSP come into the scene) and visibility. So if you as a MSP, MSSP or ISP and you are wondering how to monitor customer traffic using ntop tools, …
Announce

ntopng 5.0 Is Out: Modern Traffic Monitoring for AIOps and Cybersecurity
ntopng was initially designed as a tool for realtime network traffic monitoring. The idea was to create a DPI-based tool able to report traffic statistics. Overtime we have added the ability to implement active monitoring checks, SNMP, and various other features. However there was a fundamental point that was missing: go beyond traffic reporting, moving towards traffic analysis. The current Grafana-like trend of having several large screens full of dashboards is the opposite of what we believe we should do. This approach requires network and security administrators to be trained …
ntop

Introducing PF_RING 8.0: Batch Packet Processing and XDP Support
This is to announce a new PF_RING release 8.0. This new stable version includes enhancements for improving application performances, by adding support for batch processing also in the standard API (it was already available in the ZC API), and consolidates XDP support, which has been reworked to fully leverage on the latest Zero-Copy support and buffers management and take full advantage of the native batch capture. This release also adds support for the latest kernels to the ZC drivers for Intel adapters, including those shipped with CentOS (8.4) and Ubuntu LTS (20) …
nDPI

Configuring nDPI Flow Risk Exceptions
One of the newest features of nDPI 4 is the ability to identify flow risks. Unfortunately sometimes you need to add exceptions as some of those risks, while correct, need to be ignored. Examples include: An old device that is speaking an outdate TLS version but that you cannot upgrade, and that you have done your best to protect. A host name that looks like a DGA but that it isn’t. A service running on a non-standard port but that works perfectly as is. In order to address the need …
ntopng

Infrastructure Monitoring: Observing The Health and Status of Multiple ntopng Instances
Introduction Quis custodiet ipsos custodes? (Juvenal). In other words: who will guard the guards themselves? If you use ntopng to monitor your network, you also need to make sure ntopng is monitored as in case of failure, ntopng will not report any alert, and the network administrator can interpret that as a sign of good health, instead of interpreting it as lack of monitoring.Recent 4.3+ versions of ntopng have the capability to monitor other ntopng instances, being them in the same local LAN or physically/geographically distributed. This capability, also referred …
nProbe

nProbe 9.6 Released: IPS, ClickHouse, Observation Points, FreeBSD Support
This is to announce the release of nProbe 9.6 whose main features include: Support of IPS (Intrusion Prevention System) mode. Added support of high-capacity ClickHouse database enabling nProbe to dump ~125k Fps to database. Implemented the concept of Observation Point to enable distributed collection labelling. Added support for collecting and generating flows using Amazon Virtual Private Cloud (VPC) flow logs. Out of the box native FreeBSD/OPNsense/pfSense support. Support of traffic directions in collected traffic. Transparent VM systemId support to implement persistent systemId during VM migrations. Added companion tool nprobe-config for …
cento

Introducing nProbe Cento 1.14
This is to announce a new release of the ntop’s 100 Gbit probe, nProbe Cento 1.14. In this version we have integrated the latest features from nDPI, the ntop’s Deep-Packet-Inspection engine, that is now 2.5x faster than the previous version. Flows are enriched with Flow Risks, which represents a set of issues detected by nDPI, and a Flow Score, which is computed based on the risks severity, to indicates how bad is each flow. The flow dump has also been improved by adding the Community ID (a flow identifier which …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe