This is to introduce nDPI 4.4 that includes the development activities of the last six months. As with previous releases we are improving protocol support, automatic testing to harden the code for critical environments, and introducing new cybersecurity features for … Continue reading
HowTo Visualise ntopng Alerts in Kibana
ntopng can export both flows and alerts in Elastic according to the Elastic Common Schema (ECS) format. You can dump flows (not alerts) in Elastic starting ntopng with -F “es;<mapping type>;<idx name>;<es URL>;<http auth>”. For instance you can do ntopng … Continue reading
Introducing PF_RING 8.2: New Mellanox Support
This is to announce a new PF_RING release 8.2! This new stable version adds support for a new family of ASIC-based adapters from Mellanox/NVIDIA, including ConnectX-5 and ConnectX-6 (please check the User’s Guide for the exact list of supported firmwares). This new driver/adapter … Continue reading
HowTo Use nProbe To Create Traffic Timeseries in InfluxDB
One of the latest additions in nProbe, is the ability to create network traffic timeseries that will be stored in the popular InfluxDB database. This features allows nProbe users to create timeseries that can be depicted and integrated in Grafana … Continue reading
ntopConf2022: News, Announcements and Future Plans
Last week the ntopConf 2022 was held in presence in Milan at Bocconi University and about 100 people attended it. Presentation material including slides and videos are available at the conference page so even if you have missed this event … Continue reading
How to Configure Flow Risk Exclusions in nDPI and ntopng
Flow risks are the mechanism nDPI implements for detecting issues in network traffic whose theoretical design is documented in this paper Using Deep Packet Inspection in CyberTraffic Analysis we have written last year. While we are reworking the definition of … Continue reading
Best Practices for Using ntop Tools on Containers
Many people use software containers to simplify application deployment. As you know ntop tools are also available on docker hub for quick deployment using Docker or other container management tools such as Portainer or Kubernetes. When using containers, there are … Continue reading
How ntopng monitors IEC 60870-5-104 traffic
Busy times for OT analysts. Last month the number of known OT (operational technology) malware increased from five to seven. First malware discovered is Industroyer2 which was caught in the Ukraine. As nowadays popular, security companies name the malware they … Continue reading
Registration for ntopConf 2022 (June 23-24) is now Open
This year the ntop community will meet in Milan, Italy on June 23-24. Conference will take place the first day, whereas the second day will be used for training. We’ll be talking about network traffic monitoring, cybersecurity, and discuss future … Continue reading
HowTo Use TLS for Securing Flow Export/Collection
One of the main limitations of flow-based protocols such as IPFIX and NetFlow is that the traffic is sent in cleartext. This means that it can be observed in transit and that it is pretty simple to send fake flow … Continue reading