Announce

Released nDPI 2.2.2: 7 New Protocols, Many Improvements
This is to announce a minor nDPI release update that adds a few fixes and introduces support for popular cloud protocols such as Google and Apple push service. Below you can find the complete changelog. Enjoy! Main New Features Initial experimental Hyperscan support ndpi_get_api_version API call to be used in applications that are dynamically linking with nDPI –enable-debug-messages to enable debug information output Increased number of protocols to 512 New Supported Protocols and Services GoogleDocs GoogleServices AmazonVideo ApplePush Diameter GooglePlus WhatsApp file exchage Improvements WhatsApp detection Amazon detection Improved Google …
nScrub

Protecting a Web Server from DDoS Attacks Using nScrub
nScrub is a software-based DDoS mitigation system based on PF_RING ZC, able to operate at 10 Gbit full-rate (or multi 10 Gbit distributing the load across multiple modules) using commodity hardware, making it affordable in terms of price and deployment. nScrub is easy to configure even for beginners and companies with no experience with DDoS mitigation, it can be implemented as bump in the wire (i.e. no BGP or traffic tunneling necessary) or as router for on-demand traffic diversion. In this post we will go through the installation steps for …
nProbe

Improved nProbe Kafka Export Support: Theory and Practice
Kafka is a distributed messaging system widely used in the industry. Kafka can be deployed on just a small server but it can also scale up to span multiple datacenters. Given the scale and variety of possible Kafka deployments, it is desirable to have flexible, configurable producer applications able to adapt to and robustly feed any Kafka real-world deployment. nProbe, thanks to its export plugin, can be configured as a Kafka producer for the streaming of monitored/collected flows to categories called known as topics. The latest nProbe 8.3.x has been extended …
Announce

Introducing Multi-language Support in ntopng
Traditionally all ntop tools have manuals and user interface in English. As sometimes our users are not really familiar with it, we have decided to introduce user interface translation of the user interface so that we can make those users more comfortable when using ntopng. As the moment we have added support for Italian and German, but we might consider adding further languages in the future. When you first login to ntopng after installation you will notice that there is a new menu that allows you to set the language …
nProbe

Traffic directions, port mirrors and taps
Network taps have the ability to preserve traffic directions as based on the port you’re monitoring it is possible to know id traffic is going A -> B or B->A. With port mirrors you completely loose this information (this unless you creare a port mirror per direction, not always possible on all network switches) as directions are mixed up and thus typical breakdown charts in/down don’t work. In order to overcome this limitation, in nProbe mimic directions using MAC addresses. In essence if you know the MAC address of your …
nDPI

Is your Android phone safe? nDPI will tell you
Weeks ago I have added support for GoogleServices detection in nDPI and thus I wanted to test the code with real traffic. For this reason I started to play with a few Android phones in order to test the code on various OS releases and implementations. This is what I found out. The testbed was very simple: disable 3G/4G, start a packet sniffer application such a tcpdump/wireshark so that I could dump all traffic, connect the phone to a WiFi hotspot and wait< 1 minute without doing anything (start applications …
Announce

Introducing nProbe Cento 1.4 with Hardware Flow Offload
This is to announce the new 1.4 stable release of nProbe cento. The most important feature that comes with this new version is definitely the support for hardware flow offloading as well as various bug fixing and improved netflow template definition. We recently discussed the benefits of hardware flow offloading in another blog post. Hardware flow offloading alleviates, to a great extent, the pressure put on the CPU by intensive tasks such as classification (associating single packets to flows for accounting and deep packet inspection). Basically, hardware flow offloading means that …
nProbe

Network Monitoring 101: A Beginner’s Guide to Understanding ntop Tools
The first important step to start with network monitoring is to analyze what we want to monitor and how to deploy the monitoring solution in the existing network. Here are some important questions to ask ourselves before starting the actual monitoring: Do we need to monitor the entire network or just a specific segment? Do we already have network appliances with network flow export capabilities (e.g. NetFlow/sFlow devices)? Can we use port mirroring of a switch or a network TAP? Where are we deploying our network monitoring appliances to get …
ntop

Released nBox 2.6 Now Featuring a New Centralised Manager
This is to introduce a new nBox stable release 2.6, that includes many security enhancements, a reworked services management system to fully support systemd (available on latest CentOS/Ubuntu releases), and the new NxN user interface to monitor the status of all ntop applications running on distributed appliances in a single place and facilitate centralized management. The NxN manager includes a dashboard where you can add your nBox appliances, and it will automatically show all services running on each appliance, including informations like actual processed traffic and disk utilisation. The dashboard also lets …
ntop

Introducing n2disk 3.0
This is to announce n2disk 3.0 that is more than a maintenance release, as it: Consolidates pre-existing functionalities Adds extraction security features that pave the way to GDPR support. Adds flow offload support Simplifies storage management to avoid headaches during the n2disk configuration During our last meeting at Sharkfest EU we talked about Hardware Flow Offload. In essence, applications running on top of PF_RING and (supported) FPGA adapters are now able to offload flow processing to the network card that be programmed to: Keep flow state, doing (basic) flow classification in hw. Periodically …
Guides

PF_RING and Network Namespaces
Last week we made a couple of presentations at LinuxLab 2017 where we spoke about Containers, focusing on Network Namespaces support in PF_RING, and User and IoT-oriented Network Traffic Monitoring on Embedded Devices. With the advent of Containers, processes isolation has become extremely easy and effective, to the point that ordinary Virtual Machines have been reconsidered. Many ntop users today are running traffic monitoring applications in Docker, thus it’s important to understand how Containers work and how to make the best use of them. Network isolation is provided by Network Namespaces, a native feature of the …
Announce

Announcing ntopng 3.2 – The First Move Towards Active Network Monitoring
Today we are glad to announce the new 3.2 stable release of ntopng. Among the most important new features available in this release, there is without any doubt an advanced network devices discovery functionality. Historically, ntopng has always been a fully passive monitoring tool. This release aims at complementing the information gathered from a purely passive packet capture with precious extra bits of data obtained by actively searching for devices. Network devices discovery glues together multiple techniques and heuristics, including ARP pinging, SNMP querying, SSDP discovery and MDNS names resolution. …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe