Announce

Released Cento 2.2: Enhanced Flow Offload, QoE Metrics, and GTP Correlation

We’re excited to announce a new release of Cento 2.2, our high-performance flow-based traffic processing engine. This release brings major enhancements in traffic analysis capabilities, particularly for mobile network monitoring, quality assessment, and flow offloading on Napatech adapters. Whether you’re deploying Cento in ISP-grade infrastructures or using it for deep traffic inspection, this release is packed with powerful new features and improvements designed to push performance and visibility to the next level. Full Flow Table Offload on Napatech Adapters Cento 2.2 now offers fully-fledged Flow Table offload support with the …
Announce

Released PF_RING 9.0.0: Fully Fledged Hardware Flow Tracking

This is to announce a new PF_RING release 9.0.0! This release brings significant improvements for a deeper flow tracking integrations, making PF_RING even more powerful for building high-performance flow processing networking applications able to leverage on state-of-the-art hardware offloads at high speed. In fact we’ve streamlined support for the latest Napatech SmartNIC’s Flow Manager FPGA, now including periodic flow updates to ensure real-time flow visibility and minimal latency for exporting flow stats. We also explored DOCA Flow support in NVIDIA  BlueField and ConnectX adapters, to provide flow tracking also on …
nDPI

Introducing nDPI 4.14: Added QoE (Quality of Experience) and New Protocols, Several Fixes

We’re excited to announce the release of nDPI 4.14, a maintenance release that also includes some cool new protocol dissectors and fixes. As you know, maintaining a DPI library is no easy task, and this release is no exception. We’ve worked hard to enhance existing dissectors, making them more robust and efficient. We’ve also cleaned up some outdated code and improved flow risks. We’ll be sharing more details about the plans for the next nDPI release at PacketFest. This might be the last release of the 4.x series, so we’re …
Cybersecurity

Using Network Fingerprints Beyond Cybersecurity

Last week ntop has been invited to give a talk at neacademy in Napoli, Italy. The topic was network fingerprints and nDPI. Network fingerprints such as JA4 have been made popular by cybersecurity that uses them to spot (with limited false positives) malware and use them to find traffic pattern similarities. During the talk, we explained that it’s possible to improve fingerprint reliability by combining some of them, in addition to use fingerprints for various other activities beyond cybersecurity including (but not limited to) traffic classification and micro-segmentation. This was …
nProbe

AI-Driven Networks: A ML Solution for 5G Networks based on nProbe

In this contributed post the Universidade de Aveiro, Instituto de Telecomunicações, Portugal, explains how nProbe has be successfully used in 5G networks.   Introduction As networks evolve to meet the demands of modern connectivity, the need for intelligent traffic monitoring and anomaly detection becomes increasingly critical. In the context of 5G networks, where high-speed data transfer and low latency are paramount, Machine Learning (ML)-based solutions provide a robust mechanism for detecting anomalies and ensuring network reliability. Our project leverages nProbe, a high-performance NetFlow/IPFIX probe, to extract a comprehensive set of …
ntop

Introducing Network Quality Measurement (QoE) in ntop Tools

Quality of Experience (QoE) measures how satisfied users are with a network service based on their subjective perception. Unlike Quality of Service (QoS), which focuses on technical metrics (e.g., latency, jitter, packet loss), QoE evaluates the actual end-user experience—such as video streaming smoothness, call clarity, or web browsing responsiveness. QoE is important from various points of view including: User Satisfaction: Even if network metrics appear good, poor QoE leads to frustration (e.g., buffering videos or choppy VoIP calls). Business Impact: Bad QoE can result in lost customers, reduced productivity, or …
ntop

Announcing ntop Professional Training at ntop Conference (PacketFest) and June 2025

PacketFest will talk place in Zurich, Switzerland, on May 8-9 and it will be the event where the ntop and wireshark communities meet. On May 7th we organize for the ntop community an in-presence training session where we will show the latest news about ntop tools and teach how to master them. The training is free for PacketFest attendees, and you need to register on the conference website where you can also see the complete training program. For those interested on a remote training, this is to announce that we …
ntopng

HowTo Use Host Policy to Detect Misbehaving Hosts

ntopng has several ways to spot unusual traffic patterns, like: Checking if a device is behaving strangely. Sending alerts when a threshold is reached. Looking for changes in traffic metrics (like how much traffic is coming from a particular host). Seeing if host services change. To make these checks even better, ntopng added a new flow behavioral check called “Host Policy.” The idea is simple: there are some special devices on a network, like routers, switches, printers, and other non-general-purpose devices, that shouldn’t send traffic to the Internet. Except for …
Announce

Introducing the New Infrastructure Dashboard in ntopng

For this reason, some time ago we introduced the Infrastructure Monitoring in ntopng, as described in a previous blog post, which is the ability to use ntopng to monitor other ntopng instances, by means of its Active Monitoring capabilities. This infrastructure monitoring feature allows users to gain real-time insights into the status of their ntopng instances, as well as monitor the network interconnecting them. Now, we are excited to introduce a further extension to the Infrastructure Monitoring in ntopng, the new Infrastructure Dashboard. This enhancement enables users to efficiently oversee multiple …
nDPI

When Traffic Obfuscation Falls Short: nDPI vs NordWhisper NordVPN

In recent years, numerous virtual private networks (VPNs) have been introduced to the market. Some of these VPNs are standalone applications, while others are integrated into web browsers or other network applications. All of these VPNs promise users a private browsing experience by preventing users from being tracked and observed, particularly on public hotspots. Popular countermeasures detect these VPNs (often based on WireGuard or OpenVPN) and prevent their use to circumvent network policies. To enhance the detection and blocking of VPNs, companies have implemented various traffic obfuscation techniques to render …
ntopng

9 Reasons You Should Use Ntopng on Your Raspberry Pi

This XDA article has published an interesting article about ntopng on rPI. In particular: Learn and experiment with networking It’s a low-power solution It integrates with other network tools (e.g. Zabbix or Nagios) Optimize your home network traffic Analyze historical network data Manage bandwidth and QoS settings Capture and analyze network packets (via nDPI) Detect unauthorized devices and threats Check network activity from anywhere Do you agree? Enjoy ! …
ntopng

Using ntopng as Generic Flow Collector (log files, firewall events, MQTT…)

Most users of our community use ntopng as flow (sFlow/NetFlow/IPFIX) collector with ntop tools such as nProbe or nProbe Cento. From time to time we receive inquiries about using it as generic flow collector for instance reading connection information from the firewall, log files/syslog, MQTT, or cloud formats. This blog post shows you howto do that, ntopng can collect information via ZMQ, so the simplest mechanism is to export data on top of this protocol. ntopng accepts two formats implemented by the nDPI serialization library: binary TLV (all versions) JSON …