Announce

You’re invited to the ntop Virtual Meetup: April 2nd

This is to invite you to join our webinar about ntopng v4. We want to introduce you to the new application features, and assist you with first-time installation. This will also be the right time to meet with our community and hear your feedback. We hope this will be just the first meetup. Meetup Slides Meetup Notes ntopng 4.0 – What’s New …
ntop

Say Hello To ntopng 4.0: Cybersecurity, Scripting… and a New User Interface

After over one year of work, we’re proud to announce that ntopng 4.0 is finally out. In this time we have redesigned ntopng for speed and openness, by breaking apart the existing monolithic C++ engine into a Lua-scriptable micro-engine. This is to enable people to contribute to the project without being scared of coding in C++. The major breakthroughs we have brought with this release are: A plugin engine that allows anyone with some basic Lua coding skills to tap straight into every single flow, host, or other …
n2n

Introducing n2n 2.6 with AES Encryption

This is to introduce you to the latest n2n 2.6 stable release. This is mostly a maintenance release to address the issues of 2.4, which was the first release after a long period of silence. The main features are AES encryption, which brings an overall speed bump (12x speed) and better security with respect to the twofish used in the previous n2n version. Extensive Windows and OpenWRT support. Full peer-to-peer topology support. Stable and more resilient connection. Below you can find the complete changelog. Enjoy! Changelog – Add ability to specify …
nScrub

Introducing nScrub 1.4 with IPv6 Support

This is to introduce the new nScrub 1.4 stable. Besides a few bug fixes (mainly to the API), this release introduces many improvements, including: Full IPv6 support both in routing and bridge mode. Improved TCP protection: it is now possible to use SYN Proxy in asymmetric mode. Hardware bypass with watchdog support as a failover mechanism in case of system failures or to handle maintenance. New plugins SDK to easily extend the core engine with custom protection algorithms. Native systemd support for multiple instances to handle multiple network segments. Support for Ubuntu …
nProbe

Introducing nProbe 9.0: Traffic Behaviour Analysis and High Speed Flow Collection (Even Behind a Firewall)

This is to introduce the nProbe 9.0 stable release, whose two main features are traffic behaviour analysis and high speed flow collection. Traffic Behaviour Analysis When nProbe™ development started in 2002, the idea was to create a drop-in replacement for the physical probes present in routers. Later the advent of IPFIX pushed the monitoring community towards standardisation of flow exports, and promoted interoperability across probes and collectors. Then the market started to ask for solutions for visibility (and not just traffic accounting), and we developed nDPI™ for going beyond port and protocols …
ntopng

Securing Flow Collection Using Data Encryption

NetFlow/IPFIX specifications have not considered privacy and confidentiality important. Exported flows are sent over unencrypted channels, which prevents them from being exchanged on public networks unless techniques such as VPNs are used. Today encryption is no longer an option, and thus we have added encryption support in all our tools when flows are exchanged over ZMQ channels (e.g. when nProbe sends flows to ntopng). In order to use encryption a private/public keypair needs to be generated on the collector side (i.e. ntopng) and configured on all the probe applications sending …
ntopng

How We Managed to Turn ntopng Into a Cybersecurity Tool

Last year you read how we integrated Suricata support into ntopng. While an IDS is a good source of data, it is just a sensor that has no knowledge of the big network picture, including the network overview, past host/flow history and device type. In essence an IDS is nice to have, but it’s not enough. What is necessary is the ability to analyse traffic, learn what is wrong, compare current behaviour with the past, and draw some conclusions (i.e. emit alerts) that …
ntop

Introducing PF_RING 7.6: Flow Processing Made Easy with PF_RING FT

This is to announce a new PF_RING major release 7.6. Besides bug fixes and driver updates to improve compatibility with the latest kernels (including those shipped with Debian 10 and CentOS 8), this release includes many enhancements to the PF_RING FT library, which delivers unprecedented flexibility and all the features a flow-based packet processing application requires. Latest additions include: Flow slicing: the library delivers periodic flow updates, no need to wait for flow termination. Tunnels decoding: packets are decapsulated and information about the tunnel is exposed by the library. More flow …
nDPI

Towards Traffic Behaviour Analysis: Introducing nDPI 3.2

This is to announce the new stable release of nDPI 3.2. The main trend of nDPI is to move from “simple” application protocol detection towards behavioral traffic interpretation. This has been implemented with the integration of modules for detecting attacks (e.g. SQL injections and XSS in HTTP) and behavioral indications on packet length/time/entropy, as well as indicators used for creating simple indicators typical of IDS systems. In essence nDPI is moving from protocol reporting to comprehensive traffic interpretation. nDPI now includes functions for efficiently serialising data in both JSON and binary …
ntop

Call for Talks for NtopConf ’20

Update: Due to SARS-Covid-19 Infection, the conference will be rescheduled once the health situation improves and travelling is safe. Please stay tuned by monitoring our blog, as we will organize new interactive seminars and tutorials so that our community can meet virtually. Thank you! This year the annual ntop conference will take place in Milano, Italy on June 9-10, at Università Bocconi, one of the most prestigious universities in Italy. As usual the first day will be used to train people on ntop tools and the second …
nDPI

Effective TLS Fingerprinting Beyond JA3

JA3 is a popular method to fingerprint TLS connections used by many monitoring tools and IDSs. JA3 focuses on encryption options specified during TLS connection setup to fingerprint the encryption library used by the application. So in essence the same JA3 fingerprint will match multiple applications, making JA3 unreliable (when used as a single feature) to fingerprint traffic. There are several JA3 fingerprint databases available on the Internet that you can use to identify (remember, with some degree of uncertainty, thus with false positives) client applications or malware …
ntopng

Towards ntopng v4: New User Interface Featuring Dark Theme

This February we’ll introduce ntopng v4, and we’re starting to write some blog posts to preview the new features. Let’s start with the user interface. Since v1 the UI has always been the same. People, however, asked us for a more flexible layout where it is possible, for instance, to switch across network interfaces in a breeze. Furthermore, the pervasive use of dark themes was also a driving force towards changes. While the UI in 4.2 will integrate new changes we already planned (for instance to switch from realtime to historical …