ntop

Using ntopng for Teaching Network Monitoring and Administration

ntop believes in education, research, and non-profit, and for this reason ntop tools have been offered to them free of charge. Today we’re pleased to hear how they have helped young students to monitor and administer networks. Enjoy! Introduction: When teaching network monitoring and administration at the University of Applied Sciences in Fribourg (Switzerland), it is essential to provide tools to our bachelor students in computer science that enable them to observe and analyze traffic in real time. ntopng, an open-source network monitoring solution, is an appropriate choice for …
Announce

Short 2025 Roadmap: QoE, AI in Traffic Classification, Distributed Architecture, SuperNICs

As usual, we’re sharing some details about our 2025 roadmap. We have discussed several working items and distilled a few we can pursue in the coming months. QoE (Quality of Experience): In the past few years we have focused on Cybersecurity and now we want to extend our measurements into a new dimension: quality. ntop tools monitor various metrics such as RTT, latency, jitter... and now we want to combine them with DPI to create a quality score that will report how good (from the user experience standpoint) the traffic …
Uncategorized

Meet the ntop Team at FOSDEM, Brussels Feb 1-2

As we did in the past, this year we’re organizing the network devroom at FOSDEM that will take place in Brussels next weekend, Sat and Sun February 1-2. Most of the ntop team will be there and it will be great to meet our community. This time we will be talking about nDPI and smart NICs. Furthermore, it is a pleasure to also host two invited speakers of popular open source projects: Victor Julien, the creator of Suricata IDS, and Gerald Combs, the creator of Wireshark. Looking forward to meeting you at …
Announce

Introducing ntopng Policy Menu

In the past months we have extended our behaviour analysis, introducing new features such as the ACL or device policies. For this reason we have rearranged the menus and created a new Policy menu (you can read more here) that contains all the configurations used by ntopng to trigger alerts. Due to this, some pages have been moved and changed location. Below you can find the list of the moved pages and how to access them now: Server Ports (Previously, Server Ports Analysis): Previously in the Host entry, moved to …
Announce

You’re Invited to PacketFest ’25, Zürich 7-9 May: Where ntop and Wireshark Communities Meet

PacketFest ’25 is a two-day (May 8th and 9th) technical conference in Zurich, Switzerland, bringing together the ntop and Wireshark communities. The event features presentations and workshops on network traffic monitoring, cybersecurity, and open-source technologies, with a focus on practical applications and the latest advancements in ntop and Wireshark tools. Attendees can expect interactive sessions, networking opportunities, and expert insights including the creators of ntop and Wireshark. A pre-conference (May 7th) ntop training day is also offered. Registration fees apply, but students and non-profits can attend free of charge. Registration …
n2disk

Introducing n2disk 3.8: NVIDIA Support, Smart Recording, Traffic Deduplication

We’re excited to announce a new stable release of n2disk v. 3.8. This release is bringing significant new capabilities to the network monitoring and recording landscape, and it is packed with features that enhance both functionalities and performance. Here’s a closer look at the highlights of this release: New Smart Recording support to intelligently manage and optimize storage usage. Multithreaded Packet Capture to take advantage of RSS (Receive Side Scaling) capabilities on NVIDIA/Mellanox ConnectX adapters. In fact on those adapters it is not possible to scale the performance by spawning …
nScrub

Introducing nScrub 1.6: Broader Support, More Offloads, Improved Algorithms

We are excited to announce this new release of nScrub, 1.6, packed with new features, expanded hardware support, and key enhancements to strengthen network defense capabilities. This release adds native support for NVIDIA/Mellanox ConnectX adapters, and extends support for Napatech adapters by enabling the TX offload support, which optimizes packet transmission performance and reduces CPU overhead. We also implemented native support for DPDK, making nScrub open to deployments where the users are widely using this SDK. We’ve also improved the detection and scrubbing algorithms, including additional checks on TCP packet …
Announce

Released nDPI 4.12: Obfuscated/Encrypted/Proxied Traffic and Fingerprints

This is to announce the release of nDPI 4.12, the first version after our 6 months release cycle announced earlier this year. The main changes of this release include support for encrypted/obfuscated/proxied traffic, in particular for OpenVPN and TLS, as well as support for network fingerprints presented in November at the Sharkfest conference. For all details see the enclosed changelog. Enjoy! nDPI 4.12 (Dec 2024) Major Changes: Added detection of encrypted/obfuscated OpenVPN flows (#2547, #2560). Added detection of encrypted/obfuscated/proxied TLS flows (#2553). Implemented nDPI TCP fingerprint (https://github.com/ntop/nDPI/commit/6b6dad4fdb2e60cd2887f7d381bcab2387ba9507). For further details …
cento

Exporting (Custom) Flows with Avro in nProbe Cento

This summer we introduced nProbe Cento 2.0. Before this release, Cento was supporting JSON serialization only when exporting flows to Kafka. JSON is straightforward and widely used, but it can be verbose and less efficient for high-throughput or resource-sensitive environments. To address these challenges, when exporting flows to ntopng, some time ago we introduced a binary/TLV format for data serialization, implemented in our open-source nDPI library. However, despite this being an open format, it is not widely used. For this reason, in order to improve interoperability with other solutions, we …
ntop

HowTo Monitor Router Interfaces Congestion Using SNMP

Sometimes it happens that your router is congested, and you ask yourself “How is it possible?” or “Who is responsible for congesting the network?” or “Which router/port is congested?”. You could simply answer the last question by using the SNMP/Flow Exporters Usage: HowTo Monitor SNMP Interfaces Utilisation and Congestion Rate; but what about the other two? Let’s start by looking at SNMP. As explained in the previous post, if SNMP is enabled on the routers/switches, using ntopng it is possible to figure out if an interface is congested. On the …
ntop

How nDPI Introduced Behaviour Analysis in Suricata

Last week we attended Suricon 2024, the annual conference about Suricata, and presented our work on how nDPI has been integrated with Suricata. At ntop we like to contribute to other open source projects we use and like, such as Suricata and Wireshark. One of the main limitations of Suricata is its inability to monitor many protocols (currently the engine supports ~20 protocols compared to 450+ protocols supported by nDPI) and the lack of behaviour analysis that would very well complement Suricata signature-based analysis. These have been the reasons …
Cybersecurity

A Deep Dive Into Traffic Fingerprints

Last week during SharkFest Europe 2024 we presented what network fingerprints are and how they work. During the talk we (Luca and Ivan) described how we have extended nDPI with support for network fingerprints, and how this work has also been integrated in Wireshark. We believe that fingerprints are an interesting technology that can help in better understanding the nature of traffic flows, detect inconsistencies in crafted traffic (e.g. a Windows box that pretends to impersonate an iOS device), and of course in cybersecurity. In the coming months …