ntop

Using ntopng as network sensor for SecurityOnion (and integrated with Suricata)
SecurityOnion (SO) is a popular Linux distribution for threat hunting and security. It included ElasticSearch as backend for storing alerts as well as Kibana-based web interface. SO includes out of the box a few sensors such as Suricata that is a signature-based IDS used for flow analysis. To date SO does not include a tool that is able to merge network and security analysis or that can collect input from sensors and provide a high-level consolidated alert (e.g. a DoS vs individual alerts generated by Suricata). As most of our …
ntop

Embedding ntop: Nokia Beacon and Ubiquity UniFi Dream Machine
The latest generation of network devices are pretty powerful and open. This means that such devices ship with a Linux-based distribution such as OpenWRT or UniFI OS. In these devices it is possible to install third party software as the CPU is pretty powerful, there is some storage and memory available for running additional applications. In this blog post we want to describe our experience with two of these devices where it is possible to install ntop tools. This allows the network traffic to be monitored without having to install …
ntop

Using ntop tools on VyOS
VyOS  is a popular open-source router and firewall platform based on Linux, and some of our users asked us to support it natively. This post explains you how to achieve that in a few simple steps. Prerequisites As VyOS is based on Debian Linux, the easiest solution is to install precompiled Debian packages or compile it from source. In order to do this you need to configure the Debian repositories that on VyOS are empty. You need (as root) to edit /etc/apt/sources.list and store on it something like this: deb …
ntopng

You’re Invited to the ntop MiniConference 2020: November 24th, December 3rd and 10th
This year due to the pandemic, we had to cancel our scheduled community event. Considered that we have introduced many new features in our tools we would like to invite you to an online mini-conference divided in three distinct events. The first event is a general even where we briefly summarise what we have done in the individual tools so people can have an overview of what we have done and where we would like to go. The other two events are instead focusing on specific tools so people can …
ntopng

Howto Write a Telegram Alert Endpoint for ntopng
Telegram is a popular messaging application that many people use daily to do instant messaging and receive notifications. As of ntopng 4.2, it is now possible to deliver alerts to external entities including Slack, email and Discord. This post will show you how the Telegram alert endpoint has been developed so that readers can learn how to contribute to the ntopng development by coding new integrations. For a complete guide about alert endpoints, please refer to the ntopng user’s guide, whereas the complete telegram endpoint source code can be found …
News

Say Hello to ntopng 4.2: Flexible Alerting, Major Speedup, Scada, Cybersecurity
We are pleased to introduce ntopng 4.2 that introduces several new features and breakthroughs while consolidating the changes introduced with 4.0. The main goals of this release include Enhance and simplify how alerts are delivered to consumers Many internal components of ntopng have been rewritten in order to improve the overall ntopng performance, reduce system load, and capable of processing more data while reducing memory usage with respect to 4.0. Cybersecurity extensions have been greatly enhanced by leveraging on the latest nDPI enhancements that enabled the creation of several user …
nProbe

Introducing nProbe 9.2: Collection Pass-Through and Reforge, OpenWRT support, Flexible JSON-export
This is to announce the release of nProbe 9.2. The main new features of this release are focused on flow collection speed and flexibility in particular for modern JSON-based flow consumers. This is to enable applications relying on nProbe, e.g. ntopng, to scale up when collecting flows: The new –collector-passthrough option allows the flow cache to be bypassed when flows are collected. This mean that flows are forwarded to remote collectors unmodified (i.e. -T is not used) without placing them into the flow cache (i.e. flows are not merged by …
Cybersecurity

Security-Centric Traffic Analysis
Days ago we have given a short speak about cybersecurity at an Italian meetup. These are the presentation slides (English) where you can read more about the steps we have taken to make our tools more cybersecurity-oriented. Below you can also find the video that is only for Italian-speaking people (sorry about that). Enjoy!   …
cento

Introducing nProbe Cento 1.12: Combining Visibility and Cybersecurity at 100 Gbit
This is to announce the released of cento 1.12 that is a maintenance release for ntop’s 100 Gbit probe. In this version we have integrated support of the latest nDPI features to combine processing speed with latest innovations in application detection an cybersecurity. Cento’s JSON output has been greatly enhanced and it includes all the nDPI-dissected information by streaming JSON-based data to Kafka or ElasticSearch/Syslog consumers. This to make cento useful to cybersecurity analysis by combining visibility and security at 100 Gbit by streaming. Enjoy! Changelog New Features Core engine …
n2disk

Introducing n2disk 3.6: full L7 support, fast flow export, replay rate control
This is to announce a new n2disk release 3.6. This release adds full support for indexing and retrieving traffic based on the Layer-7 application protocol. This can now be enabled even when flow export is disabled, and it is possible to use the extraction tool to extract selected application traffic using the Layer-7 protocol as part of the nBPF filter. n2disk is now also able to use the main storage as a cache, and in the meantime archive pcap files moving them from the fast to a slower storage, even …
ntop

Introducing PF_RING 7.8: ZC support for new Intel adapters and much more
This is to announce a new PF_RING major release 7.8. The main changes in this release include: The new ice ZC driver supporting E800 Series 100 Gigabit Intel adapters. Hardware timestamp support  for packet trailers and keyframes generated by Arista 7150 Series and Metawatch. This also includes device information such as the Device ID and the Port ID. BPF support for all ZC devices and queues, both to filter received or transmitted traffic. ZC API extensions to further simplify its use, which is one of the main advantages of this …
nDPI

Released nDPI 3.4: increased detection speed, statistical analysis, fuzzing, cybersecurity
This is to announce the release of nDPI 3.4 that is a major step ahead with respect to 3.2: Detection speed has been greatly optimised Many new functions for statistical protocol analysis have been introduced. This is to expand nDPI into traffic analysis beyond simple flow-based analysis. Fuzzing and code analysis (credits to catenacyber and lnslbrty) made nDPI more stable and robust than ever Completely rewritten QUIC dissector (credits to IvanNardi) with support of the latest protocol versions Added 24 security risks for speeding up the adoption of nDPI in …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe