ntop

Honouring System Default Policies on ntop Packages
Many distributions provide mechanisms to let the system administrator decide if the new installed packages should be enabled and/or started automatically. Previously, the ntop services were always enabled and started automatically after the first package installation, regardless of any system preferences. Now the ntop packages rely on system utilities to properly start, stop and restart services after installation in order to correctly honor system policies. Due to the distribution specific defaults, this is now the default behaviour of the services installed by the ntop packages: Debian/Ubuntu Centos 7 Other Started …
Announce

Welcome to ntopng 3.8 with continuous drill down: packets, flows, activities
We are happy to announce ntopng stable 3.8. The is the core of the next 4.0 release as it integrates new features that will be consolidated in the next release scheduled for spring. The main features include: SQL database-free high-speed traffic indexing based on a new home-grown technology. As explained in this post, we managed to store compressed flow information on disk combined with high-speed retrieval. Just add “-F nindex” to ntopng to start using this new feature, currently available in the ntopng enterprise edition. You can read more here. …
n2disk

Drill Down Deeper: Using ntopng to Zoom In, Filter Out and Go Straight to the Packets
ntopng has grown significantly over the past years, providing an increasingly-interesting set of features to support network analysts and troubleshooters in their decisions. Among the most relevant features, it is worth mentioning that timeseries inspection pages have been redesigned and reworked profoundly to facilitate the drill-down of historical data. Similarly, a home-grown high-speed special-purpose flow database has been seamlessly integrated in ntopng to ease the storage and retrieval of historical flows. However, the circle was not really closed. A piece was missing. Something that could take us down to the …
ntopng

Say hello to nIndex: Personal Big Data System for Network Flows
Being able to store network flows is a very challenging task using generic databases. Networks are becoming faster and faster and, nowadays, flow-based analysis tools should store tens, or even hundreds, of thousands of flows per second, to keep up with SME and enterprise demands. Existing tools, such as relational databases, fail to accomplish this task. Unless you have unlimited resources available, tons of RAM and clusters of machines, chances are your database will choke, quickly becoming too slow to enable queries from being performed in a reasonable time. It was incredible …
ntop

Introducing n2disk 3.2: towards 100 Gbit to disk
This is to announce a new n2disk release 3.2. This release, besides addressing a few issues, includes new juicy features: Multithreaded dump and support for multiple volumes. This is useful in a few cases: If you want to record traffic above 30-40 Gbit/s to HDDs or SSDs, you should pay attention to the RAID controller limit. In fact, even if you use many disks in a RAID 0 configurations, many controllers are not able to scale above 30-40 Gbit/s of sustained write throughput. Load-balancing traffic across multiple controllers could be …
ntop

Introducing PF_RING 7.4: PF_RING FT, Containers and Virtual Functions Support
This is to announce a new PF_RING major release 7.4. This release includes many improvements to the PF_RING FT library, which is now more mature thanks to new API functionalities and features that provide more flexibility. This release also addresses many issues, and moves a step forward in the same direction of release 7.2, which included full support for Containers and Namespaces, adding support for CoreOS containers and ZC Virtual Function drivers, technologies commonly available in cloud services. This is the complete changelog: PF_RING Library New pfring_open PF_RING_DO_NOT_STRIP_FCS flag to disable …
ntop

Introducing nDPI 2.6: several new dissectors, DPDK and Hyperscan support
This is to announce the release of nDPI 2.6. Several dissectors have been improved and a few new ones have been added, as well we have improved the detection logic (this in case we have to guess the protocol due to incomplete data). This is also the first release of nDPI that natively supports Intel DPDK and also that improves Intel Hyperscan support. Please find below the complete changelog. Enjoy!   Changelog New Supported Protocols and Services New Bitcoin, Ethereum, ZCash, Monero dissectors all identified as Mining New Signal.org dissector New Nest …
nProbe

Measuring ntopng+nProbe Flow Processing Performance
NOTE: this post is outdated. Latest versions of ntopng and nProbe improve performance significantly. New figures are given in this post. In this post we try to analyze the performance of nProbe and ntopng for the collection of NetFlow. ntopng and nProbe will be broken down into smaller functional units and such units will be analyzed to understand the maximum performance of every single task as well as of the overall collection architecture. The machine used for the analysis is equipped with an 4-core Intel(R) Xeon(R) CPU E3-1230 v5 @ 3.40GHz …
ntopng

ntopng Disk Requirements for Timeseries and Flows
Being able to do a priori estimations of the space that ntopng is going to use in a production environment is fundamental for the provisioning of the storage. In this post we try to estimate the space used by ntopng to store timeseries and flows. Timeseries The number of timeseries generated by ntopng depends almost exclusively on the number of local hosts. Other timeseries generated, including those for the interfaces or SNMP devices, are generally orders of magnitude less than those generated for local hosts. For this reason, it is …
ntopng

Advanced SNMP Monitoring with ntopng
It has been a while since we have added SNMP support to ntopng. The first release, presented in this blog post, implemented basic SNMP support. Since then we have code various improvements and new feature, with the aim of turning ntopng in an advanced SNMP monitor. Among the extensions we have implemented are the following: A cache to decouple the polling of devices from the browsing of polled data Devices are polled periodically by ntopng with a background task that cycles them at 5-minute intervals and sends polled data to …
Components

Remote ntopng Authentication with RADIUS and LDAP
In large organizations, it is common to have a centralised authentication system usually named AAA (Authentication, Authorization and Accounting). Managing users typically involves the definition and enforcement of the rights to do some operations or to access certain resources in a network. Being able to grant (or deny) such rights using a centralized authentication system is the only viable solution when it comes to dealing with large organizations with hundreds, or even thousands, of users that periodically join and leave. AAA protocols include Remote Authentication Dial-In User Service (RADIUS) and …
n2n

Use Remote Assistance to Connect to ntopng Instances
A problem same ntop users how to face with, is the ability to remote access a ntopng instance running behind a firewall. This can be solved using a VPN or other means that often require to deploy an additional network service. Some of our ntop users are familiar with n2n, an open source peer-to-peer VPN ntop developed and maintains. With n2n in essence is possible to create a network overlay that allows you to access your assets in a secure way, this regardless of your network configuration. For this reason …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe