nProbe

How To Monitor Traffic Behind a Firewall (During and Post Pandemic)

Due to the pandemic, many people are now working in a delocalised world: some work from home, others from the office. To make things even more complicated, in the past remote workers used to connect to the company network via a VPN. While this option is still possible, many resources are now available from the cloud, thus making VPNs obsolete in some environments, in particular for a mobile workforce that connects to the Internet by means of a cellular network. In the past months, some people have contacted us to ask how they …
Announce

Join FOSDEM 2021 ntop sessions, Sat-Sun Feb 6-7th (online)

We are proud to announce that a couple of talks have been accepted at FOSDEM 2021, one of the most important FOSS conferences in the world, which this year will take place online due to the pandemic. In the Network monitoring, discovery and inventory devroom we will give two presentations titled “Using nDPI for Monitoring and Security” and “ntopng network monitoring and discovery”. In addition, ntop has been given a virtual stand to present its opensource-related activities. The ntop team will always be available in a chatroom and a series …
Announce

Bringing Network Visibility, Cybersecurity and Encrypted Traffic Analysis to OPNsense, pfSense and FreeBSD

This is to announce the immediate availability of both ntopng and nProbe for OPNsense, pfSense and FreeBSD, directly supported by ntop, with nightly builds and all the features present on all other supported platforms such as Linux, Windows and MacOS. You can now: Monitor network traffic based on nDPI. Use encrypted traffic analysis (ETA), which gives you visibility of encrypted traffic and lets you answer questions such as: what portion of my available bandwidth is used by Netflix? Cyber threats analysis: ntopng can be used to effectively detect attacks, anomalies …
nProbe

Introducing nProbe 9.4: New Platforms Support and Product Editions

This is to announce nProbe 9.4 stable, an incremental update of 9.2 released last fall. The goal of this maintenance release is to pave the way to pervasive embedded systems support, as we now support: OPNsense/pfSense/FreeBSD (we'll make a separate announcement as soon as more ntop packages are available for these platforms); Ubiquiti EdgeRouter X (read this blog post to learn more about sub 100$ Ubiquiti-based hardware probes); OpenWRT. In addition we have decided to simplify the nProbe versions that were hard to understand for most …
Guides

ntopng, InfluxDB and Grafana: A Step-By-Step Guide to Create Dashboards

Creating Grafana dashboards out of ntopng data basically boils down to: configuring ntopng to export timeseries data to InfluxDB; configuring the Grafana InfluxDB datasource to extract timeseries data from InfluxDB; adding Grafana Dashboards panels with ntopng data. This post aims at covering the topics above to serve as reference for those who want to create Grafana dashboards. Configuring ntopng to Export Timeseries Data to InfluxDB: To configure ntopng to export timeseries data to InfluxDB, visit the ntopng Timeseries preferences page, and pick InfluxDB as driver. Then, it suffices to configure …
nScrub

A Step-By-Step Guide for Protecting Your Network with nScrub

Distributed Denial of Service (DDoS) attacks represent a family of cyber-attacks that are more and more common nowadays. They aim to make the service unavailable by overwhelming the victim with high traffic volumes (this is the case of volumetric or amplification attacks based on UDP, ICMP, DNS, …) or a high number of requests (including TCP connection attacks like the SYN flood, or Layer 7 attacks able to exhaust the resources of the service at the application level). This differentiates them from other cyber-attacks like intrusion attacks or malware aiming at destroying, stealing …
nDPI

Efficiently Detecting and Blocking SunBurst Malware

Earlier this month a new highly evasive malware attacker named SunBurst was disclosed. Some countermeasures were disclosed immediately, and in particular some Snort/Suricata rules have been published. We have analysed the rules trying to figure out if ntop tools could detect and block SunBurst, and the answer is yes, you can. Let’s have a look at some of the rules. The first thing you can observe is that the rules are any/any, meaning that an IDS has to look into every single connection; this is because most IDS do …
ntop

Dec 10th, ntop miniconf 2020 part III: nProbe and n2disk (on embedded systems)

This is a reminder for the third and last part of our mini-conference 2020 scheduled for this Thursday, December 10th 4 PM CET/10 AM EST. This time we’ll focus on the latest nProbe and n2disk features and provide a short practical tutorial. In addition we’ll cover ntopng alert and endpoints. Finally we’ll discuss how to embed ntop tools in small devices for ubiquitous monitoring. Below you can find all details, including the webinar link and calendar entry. Luca Deri: nProbe Traffic Monitoring and Embedding; Carlos Talbot: Embedding ntopng on Ubiquity UDM …
n2disk

Exploiting Arista MetaWatch with n2disk and ntopng: HighRes Timestamping and Analytics

Precise packet timestamping is a key feature for network traffic analysis and troubleshooting. Traditionally many people use FPGA-based NICs with precise timestamping (e.g. Napatech, Silicom) even though a good precision can be obtained with PTP-based NICs such as many Intel network adapters. A better alternative to this practice is to avoid using specialised adapters at all and rely on existing network devices to timestamp packets. Arista packet brokers with MetaWatch can be configured to add an extra trailer (Metamako) with metadata to every captured packet. In fact Arista 7150 Series …
Announce

Dec 3rd, ntop miniconf 2020 part II: ntopng

This is a reminder for the second part of our mini-conference 2020 scheduled for this Thursday, December 3rd 4 PM CET/10 AM EST. This time we’ll focus on the latest ntopng 4.2 features. We have the pleasure to host our friends at Tribe29, who will preview how ntopng has been integrated with CheckMK; Nextworks and Verxo, who will talk about using ntopng and ntopng Edge in real use cases; and Cubro, who will present a new product that embeds ntopng. Below you can find all details, including the webinar link …
ntop

Using ntopng as network sensor for SecurityOnion (and integrated with Suricata)

SecurityOnion (SO) is a popular Linux distribution for threat hunting and security. It includes ElasticSearch as a backend for storing alerts as well as a Kibana-based web interface. SO includes out of the box a few sensors such as Suricata, a signature-based IDS used for flow analysis. To date SO does not include a tool that is able to merge network and security analysis or that can collect input from sensors and provide a high-level consolidated alert (e.g. a DoS vs individual alerts generated by Suricata). As most of our …
ntop

Embedding ntop: Nokia Beacon and Ubiquity UniFi Dream Machine

The latest generation of network devices is pretty powerful and open. This means that such devices ship with a Linux-based distribution such as OpenWRT or UniFi OS. In these devices it is possible to install third-party software, as the CPU is pretty powerful and there is some storage and memory available for running additional applications. In this blog post we want to describe our experience with two of these devices where it is possible to install ntop tools. This allows the network traffic to be monitored without having to install …