ntop

Introducing nScrub: Powerful yet Affordable DDoS Mitigation
ntop has always tried to make the Internet a better place by developing many open-source network monitoring tools, and releasing all the software at no cost to non-profit and education. A few years ago, Qurium/VirtualRoad, a swedish foundation offering secure hosting to independent online news outlets and human rights organisations, contacted us. The reason was that after years mitigating attacks using proprietary appliances and servers running customised Linux kernel code based on netfilter, they reached the conclusion that those solutions were not affordable, or flexible, or fast enough. Their experience with …
n2disk

Introducing n2disk 2.8 with Microburst Detection
Together with PF_RING 6.6, today we also released n2disk 2.8. In this release we introduced support for microburst detection in order to spot traffic bursts, which is crucial in identifying potential capacity issues and troubleshooting packet loss in network equipments. We also improved our “fast” BPF engine extending the supported primitives, and improving the ability to match tunneled traffic. More tools have been added, for playing with the dump set, for instance for moving part of the dump set to an external storage, or deleting PCAP files in a specified time …
PF_RING

PF_RING 6.6 Just Released
After almost one year of development, this is to announce the release of PF_RING 6.6. In this release we have worked on different areas: Introduced nBPF, a software packet-filtering component similar to BPF, that is able to exploit hardware packet filtering capabilities of modern network adapters and transparently deliver these facilities to user-space applications such as nProbe and ntopng, or non-ntop applications such as Wireshark and Suricata. Improved PF_RING ZC Intel 40 Gbit drivers to transparently provide users that ability to use these NICs without having to pay attention to …
ntopng

Network Security Analysis Using ntopng
Most security-oriented traffic analysts rely on IDSs such as Bro or Suricata for network security. While we believe that they are good solutions, we have a different opinion on this subject. In fact we believe that it is possible to use network traffic monitoring tools like ntopng to spot many security issues that would make and IDS too complex/heavy to use (if possible at all). What many of our users are asking, is the ability to highlight possible scenarios where there is a potential security issue to be analysed more in …
PF_RING

Capture, Filter, Extract Traffic using Wireshark and PF_RING
Last year we introduced our new nBPF library able to: 1. Convert a BPF filter to hardware rules for offloading traffic filtering to the network card, making it possible to analyse traffic at 100G. 2. Accelerate traffic extraction from an indexed dump set produced by n2disk, our traffic recording application able to produce multiple PCAP files together with an index. Along with that library we released a tool n2if, able to create virtual interfaces to be used in Wireshark for implementing line-rate hardware packet filtering at 100G with Wireshark and filtering terabytes …
Guides

Filling the Pipe: Exporting ntopng Flows to Logstash
Logstash comes in very handy when it is necessary to manipulate or augment data before the actual consolidation. Typical examples of augmentation include IP address to customer ID mappings and geolocation, just to name a few. ntopng natively supports network flows export to Logstash. The following video tutorial demonstrates this feature. …
News

Meet ntop on April 28th @ Microsoft Munich
This year we’ve accepted the invitation from Wuerth-Phoenix to be part of their Roadshows 2017 and talk about network and system monitoring. The first workshop will be in Munich, Germany on April 28th. All ntop users are invited to come and talk about our monitoring tools.   ntop am 28. April bei Microsoft in München Wie wird die IT zu einem echten Service Enabler? Wie wird sich das Monitoring im Zeitalter von Industrie 4.0 entwickeln? Welche Neuigkeiten sind herstellerübergreifend in nächster Zeit zu erwarten? Eine neue Form des Managements und Monitorings …
ntop

What Is a Microburst and How to Detect It?
It’s not uncommon to see network administrator struggling tracking down packet drop on network equipments at interface level, while having a low average link utilisation. At the end it often turns out to be due to a phenomenon (well) known as microburst. While forwarding data between network links, network equipments absorb spikes with buffers, when buffers fill much quicker than they empty because of a line-rate burst, they overflow and packet loss occurs (yes you drop even though your like is in average little used). Now it’s clear that having …
nProbe

Collecting Proprietary Flows with nProbe
nProbe has been originally designed as an efficient tool able to capture traffic packets and transform them into flows. Call it network probe or sensor. Over the years we have added the ability to collect flows (i.e. nProbe is both a probe and a collector), so that nProbe can now act as probe, collector, also proxy by covering flows across formats. For instance you can collect IPFIX flows and export them in NetFlowV9. All this following the standards as confirmed by the IPFIX interoperability tests. Until now we focused in …
PF_RING

Positioning PF_RING ZC vs DPDK
Last week I have met some PF_RING ZC and DPDK users. The idea was to ask questions on PF_RING (for the existing ZC users) and understand (for DPDK users) whether it was a good idea to jump on ZC for future projects or stay on DPDK. The usual question people ask is: can you position ZC vs DPDK? The answer is not a simple yes/no. Let’s start from the beginning. When PF_RING was created, we have envisioned an API, persistent across network adapters, able to give people the ability to …
ntopng

Clustering Network Devices using ntopng Host Pools
In computer networks, devices are identified by an IP and a MAC. The IP can be dynamically assigned (so it might not be persistent), whereas the MAC is (in theory) unique and persistent for identifying a device. Non-technical users, do not know these low-level details, and in general it makes sense to cluster devices using other criteria. VLANs are a way to logically group devices belonging to the same administrative domain, but this is still a low-level network-level properly. When administering a network, we have have realised that we need …
nProbe

Flow-Based Monitoring, Troubleshooting and Security using nProbe
nProbe is a tool developed over the last 10 years, and thus it has been extended and improved year by year. However many users, even those who are using it since a long time, might not know all its features. Next week at Flocon 2017, I will give a talk about nProbe. The idea is to position nProbe (e.g. against the popular YAF tool), highlight what people can do with it (in addition to traffic monitoring and troubleshooting) and learn that nProbe is much more than a network sensor. I invite …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe