Announce

You’re Invited to the “Monitoring with Time Series” Meetup: San Francisco June 27th
Hi all this is to invite all of you living in San Francisco and in the Bay Area to attend the “Monitoring with Time Series” meetup organised by our friends at InfluxData. I will be speaking about ntop, traffic monitoring, time series and InfluxDB. It will also be a good time to meet with our users, hear suggestions, and (perhaps) complains. The Internet is a nice place, but a physical meeting has no price. The meetup will take place at InfluxData HQ, 799 Market St Suite 400, San Francisco. The …
ntop

Introducing PF_RING 7.2, including PF_RING FT and nBroker
This is to announce a new PF_RING major release 7.2 that includes: Support for Ubuntu 18 as well the latest Debian and CentOS kernels. Many improvements to the FPGA capture modules and the ZC library (that is now able to reserve head room for zero-copy traffic encapsulation/decapsulation, just to mention one). Full support for Containers and Namespaces. Besides many improvements and bug fixes, this release also introduces PF_RING FT, an highly optimized library that assists flow-processing application with L7 classification and filtering, and nBroker, a framework for hardware-based traffic steering and filtering …
PF_RING

How to accelerate Suricata, Bro, Snort with PF_RING FT
In a previous post we discussed the advantages of using specialized adapters featuring flow offload in hardware for accelerating IDS applications. What we have learnt is that IDSs are typically CPU-bound applications, and this is mainly caused by the thousands of rules that need to be evaluated for every single packet (of course in addition to packet capture). This is the case of Suricata, Bro, Snort and other IDS/IPSs as well security applications. More than 2/3 of the Internet traffic is multimedia traffic (mostly video, social networks and music streaming), consisting of a few …
ntopng

Best Practices to Secure ntopng
After a fresh install, ntopng will run using a default, basic configuration. Such configuration is meant to provide an up-and-running ntopng but does not try to secure it. Therefore, the default configuration should only be used for testing purposes in non-production environments. Several things are required to secure ntopng and make it enterprise-proof. Those things include, but are not limited to, enabling an encrypted web access, restricting the web server access, and protecting the Redis server used by ntopng as a cache. Here is the list of things required to …
n2n

n2n is back !
Hi all, it is finally time to restart development activities in n2n whose code is available at https://github.com/ntop/n2n. The advent of the cloud, privacy concerns on the Internet, mobile users now producing a large amount of Internet traffic, require a secure network overlay such as n2n to build upon. Initially designed to solve our connectivity issues created by NATs, we believe it is now time to refresh it and serve modern user needs. The first activity we would like to do is to merge back in the n2n repository all …
ntopng

How ntop built a web-based traffic analysis and flow collection with InfluxDB
A couple of days ago InfluxData hosted a ntop webinar about how we have integrated InfluxDB into ntopng. Those who have not attended it can give a look at the presentation slides as well watch the webinar. In essence: ntopng is based on RRD for timeseries As networks grow, ntopng needs to store more time series more granular. RRD is file based, that is a good things as configuration is minimal, but it does not scale on mid/large networks. We need an alternative, and found InfluxDB to be the best option …
ntopng

How to use ntopng in compliance with GDPR
Today the General Data Protection Regulation (GDPR) (EU) 2016/679 is effective in the European Union. GDPR is designed to protect personal data and thus preserve privacy in particular as specified in articles 13 to 22, and 34. As we manufacture tools for traffic monitoring, we’ve to make sure that our tools can be used in compliancy with GDPR. In particular we’ve implemented a couple of features that can be useful: If you go select “Preferences” from the ntopng menu, and click on the “Misc” pane you can access the preference for …
ntop

Webinar Invitation: ntop traffic analysis and flow collection with InfluxDB
Hi all, this is to invite all of your to the How ntop built their high-speed Web-based traffic analysis and flow collection with the use of InfluxDB webinar, organised by our friends at InfluxData. The event will take place May 29th at 8AM PST (5PM CET). I will be talking about traffic monitoring and timeseries, why we used RRD, and how we have integrated InfluxDB (including ongoing developments). …
PF_RING

Introducing nBroker: Traffic Steering and Filtering on Intel RRC (FM10K)
Exactly two years ago we introduced Intel FM10K (FM10000) support in PF_RING ZC. The Intel FM10K ethernet controller family supports 10/25/40/100 Gbit on the same NIC, at a convenient price (sub 1000$ range) and it powers NIC various models manufactured by Silicom Inc. The most interesting aspect of the FM10K is the programmability that this adapter provides. In fact this adapter integrates an internal switch attached to the external ports (those that are physically connected to the cables) and to the internal ports (towards the CPU, those seen by the host OS) …
ntop

Introducing PF_RING FT: nDPI-based Flow Classification and Filtering for PF_RING and DPDK
Motivation Most network monitoring and security applications are based on flow processing, which is in practice the activity of grouping packets based on common attributes (e.g. source and destination IP, source and destination port, protocol, etc.) and do some analysis based on the collected information. What happens behind the scenes can be divided in a few major tasks: capturing raw packets decoding packet headers to extract flow attributes classify the packets based on flow attributes (optional) extracting also L7 protocol information. Introducing PF_RING FT With PF_RING, and later on with PF_RING ZC (Zero …
ntopng

ntopng goes Elastic: Introducing ElasticSearch 6 Support
As you ntopng users know, out of the Elastic toolset ntopng supports both ElasticSearch and LogStash. You can use them using the -F flag: --dump-flows|-F] <mode> | Dump expired flows. Mode: | es Dump in ElasticSearch database | Format: | es;<mapping type>;<idx name>;<es URL>;<http auth> | Example: | es;ntopng;ntopng-%Y.%m.%d;http://localhost:9200/_bulk; | Notes: | The <idx name> accepts the strftime() format. | <mapping type>s have been removed starting at | ElasticSearch version 6. <mapping type> | values whill therefore be ignored when using | versions greater than or equal to 6. | …
nProbe

Using nProbe for Collecting Palo Alto Flows
NOTE: This article is outdated. Please see “Collecting Proprietary Flows with nProbe” for learning  how to collect proprietary Palo Alto flows. nProbe is both a probe and a NetFlow/sFlow collector. As you all know, we have recently added the ability to collect flows with proprietary information elements. However we natively support in nProbe popular flow exporter devices such as Cisco NBAR and Palo Alto security devices. In this article we show you how to collect the latter flows in nProbe. A typical Palo Alto flow is depicted below. As explained …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe