nEdge

Say hello to ntopng and nEdge 3.6: Timeseries with TimeShift and InfluxDB

The ntopng 3.6 release is paving the way to metrics-based traffic analysis. We have finally put ntopng on top of a timeseries-independent layer that currently lets us support RRD and InfluxDB, and other backends in the future. This means that you can now also use ntopng as a time series datasource (for instance, as a flow exporter and as a Grafana data source; see the timeseries API for further information), or you can analyse data through the ntop web interface, which has been greatly enhanced. As you …
nDPI

Introducing nDPI 2.4

This is to announce the release of nDPI 2.4, an incremental release that mainly introduces the concept of categories, in addition to new dissectors and bug fixes. In a nutshell, in order to limit the number of custom protocols defined as “if traffic goes from/to Internet domain X then this is protocol X”, all these protocols have been grouped into a category. This eases application developers' lives, as they do not have to handle thousands of protocols, and simplifies configuration. For instance instead of having malware site X, site …
n2n

Introducing n2n 2.4

As announced some months ago, we have resumed the development of n2n, a peer-to-peer VPN we developed some years ago to ease access to remote ntop installations behind firewalls, which then evolved into a full-fledged application. After putting the project on hold for some years due to lack of time and new priorities, months ago we decided to resume development. We have realised that many people started to fork and code on n2n, and thus a part of our work is …
ntop

Introducing @ntop_community Telegram Group

While tools like GitHub and mailing lists can serve developers and experts, sometimes people look for quick help. For this reason we have created a new Telegram group called @ntop_community that you can use (from both your desktop and mobile) to ask the community for quick help. If you are an ntopng user you can select the “Help and News” menu entry to jump to the Telegram channel. We invite people to join and help support other users, as well as send us feedback. Thank you! …
nProbe

Introducing per-Second Measurements in nProbe Flow Exports

The need to perform on-time and per-second traffic measurements clashes with protocols such as NetFlow, where all counters are cumulative with respect to the flow lifetime. So if you have a flow that lasted 2 minutes and moved X bytes, you have no clue what the throughput of this flow was across the 2 minutes. For this reason people started to shorten flow duration, with the drawback of putting a lot of pressure on probes as well as increasing the disk space and flow record cardinality on collectors. In essence …
ntopng

ntopng and Time Series: From RRD to InfluxDB, new charts with Time Shift

One of the main concerns of our users is the ability to scale ntopng with a large number of hosts/protocols, and hence how to scale time series. As already discussed, RRD has many limitations as the number of time series increases, hence it was time to start exploring new paths. We decided to abstract the ntopng engine from RRD and thus open up the engine to new time series databases. This has enabled us to use InfluxDB to store time series instead of RRD, that (as already discussed) enabled …
PF_RING

How to accelerate Bro with PF_RING FT

We have discussed many times the large quantity of work IDSs have to carry out, and the high CPU load they require. This is the case of Suricata, due to the thousands of rules that need to be evaluated for every single packet, but this is also the case of the Bro Network Security Monitor. In a previous post we’ve seen How to accelerate Suricata with PF_RING FT in a few steps. In that guide we leveraged the flow classification and L7 protocol detection provided by PF_RING FT, to …
ntop

Cloud, IoT, sFlow Traffic Monitoring Tutorials #SFUS18

Last week we presented two tutorials at the Sharkfest US 2018 edition: “sFlow: Theory and practice of a sampling technology” [slides] and “Packet monitoring in the days of IoT and Cloud” [slides]. We believe these tutorials are interesting for all those who are using ntop (and non-ntop) tools and are willing to learn more about sFlow and traffic monitoring in cloud and IoT environments. Enjoy! …
ntop

Network Traffic and Security Monitoring Using ntopng and InfluxDB

Yesterday our friends at InfluxData organised a meetup at their HQ in San Francisco, CA. For all those who were unable to attend the event, these are the presentation slides so you can learn more about the transition from RRD to InfluxDB that is happening in ntopng. Please do not forget to provide feedback on the ntop mailing list or on GitHub. Thank you! …
Announce

Introducing ntopng Edge (nEdge): Monitoring, Service Segmentation and Security for the Network Edge

The network edge, either wired or wireless, is becoming increasingly important as most things now happen there, it being the place where devices are deployed. Security-wise, central firewalls are too far from the edge, and thus devices can roam freely – and potentially create trouble – in LANs without ever hitting a security device. The consequence is that LANs are becoming increasingly insecure, and the cloud is complicating all of this as it provides in encrypted connections – that are not inspectable by monitoring and security applications – the perfect ingredients …
ntopng

Learning the ntopng Lua API

ntopng is open source, which means you can read its code and modify it according to the GPL license. The current ntopng architecture is based on three layers, where the top one is written in Lua and is used to render the web interface as well as to execute periodic activities. In essence the C++/Lua API is a clean way to interact with and extend ntopng without having to code in C++. So far we have used this API inside the ntop team without documenting it. This has been a mistake …
n2n

Using n2n to Steer your Internet Traffic and Circumvent Restrictions

Suppose that you are travelling abroad and you need to access some Internet sites that are not available abroad. Or suppose that you want to evade the restrictions of your ISP, of the hotel room where you are currently staying, or of the WiFi hotspot you are using to connect to the Internet. The simplest thing to do is to open a VPN and you’re done. However VPNs are not very flexible and they require a single place where everybody meets and greets. n2n instead is based on the peer-to-peer paradigm …