Blog

PF_RING

PF_RING 6.6 Just Released

After almost one year of development, this is to announce the release of PF_RING 6.6. In this release we have worked on different areas: Introduced nBPF, a software packet-filtering component similar to BPF, that is able to exploit hardware packet filtering capabilities of modern network adapters and transparently deliver these facilities to user-space applications such …
ntopng

Network Security Analysis Using ntopng

Most security-oriented traffic analysts rely on IDSs such as Bro or Suricata for network security. While we believe that they are good solutions, we have a different opinion on this subject. In fact we believe that it is possible to use network traffic monitoring tools like ntopng to spot many security issues that would make and …
PF_RING

Capture, Filter, Extract Traffic using Wireshark and PF_RING

Last year we introduced our new nBPF library able to: 1. Convert a BPF filter to hardware rules for offloading traffic filtering to the network card, making it possible to analyse traffic at 100G. 2. Accelerate traffic extraction from an indexed dump set produced by n2disk, our traffic recording application able to produce multiple PCAP …
Guides

Filling the Pipe: Exporting ntopng Flows to Logstash

Logstash comes in very handy when it is necessary to manipulate or augment data before the actual consolidation. Typical examples of augmentation include IP address to customer ID mappings and geolocation, just to name a few. ntopng natively supports network flows export to Logstash. The following video tutorial demonstrates this feature. …
News

Meet ntop on April 28th @ Microsoft Munich

This year we’ve accepted the invitation from Wuerth-Phoenix to be part of their Roadshows 2017 and talk about network and system monitoring. The first workshop will be in Munich, Germany on April 28th. All ntop users are invited to come and talk about our monitoring tools. ntop on April 28th at Microsoft in Munich. How …
ntop

What Is a Microburst and How to Detect It?

It’s not uncommon to see network administrators struggling to track down packet drops on network equipment at the interface level while the average link utilisation is low. In the end it often turns out to be due to a phenomenon (well) known as microburst. While forwarding data between network links, network equipment absorbs spikes with buffers; when …
nProbe

Collecting Proprietary Flows with nProbe

nProbe was originally designed as an efficient tool able to capture traffic packets and transform them into flows. Call it a network probe or sensor. Over the years we have added the ability to collect flows (i.e. nProbe is both a probe and a collector), so that nProbe can now act as probe, collector, also …
PF_RING

Positioning PF_RING ZC vs DPDK

Last week I met some PF_RING ZC and DPDK users. The idea was to ask questions on PF_RING (for the existing ZC users) and understand (for DPDK users) whether it was a good idea to jump on ZC for future projects or stay on DPDK. The usual question people ask is: can you position …
ntopng

Clustering Network Devices using ntopng Host Pools

In computer networks, devices are identified by an IP and a MAC. The IP can be dynamically assigned (so it might not be persistent), whereas the MAC is (in theory) unique and persistent for identifying a device. Non-technical users do not know these low-level details, and in general it makes sense to cluster devices using …
nProbe

Monitoring VoIP Traffic with nProbe and ntopng

VoIP applications usually limit their monitoring capabilities to the generation of CDRs (Call Data Records) that are used for the generation of billing/consumption data. In essence you know how many calls a certain user/number has made, the duration, etc. While this information can be enough for basic monitoring, it is not enough for guaranteeing reliable …
cento

Stream That Flow: How to Publish nProbe/Cento Flows in a Kafka Cluster

Apache Kafka can be used across an organization to collect data from multiple sources and make them available in a standard format to multiple consumers, including Hadoop, Apache HBase, and Apache Solr. nProbe — and its ultra-high-speed sibling nProbe cento — integration with the Kafka messaging system makes them good candidate sources of network data. The delivery of network data to a …