ntopng

ntopng 2.6 Roadmap
As we have released 2.4, it is now time to plan for the next release and highlight the list of features we plan to implement so we can start a discussion and get some feedback. The major changes we would like to introduce include: Rework interface views to make them more efficient and not an expecting as they are today. Add full support for sFlow/NetFlow so that we can keep per interface statistics as many other collectors do. Introduce some “enterprise-oriented” features such as per-AuthononousSystem statistics and traffic accounting, qcreate …
Guides

Best Practices for Efficiently Running ntopng
The default ntopng configuration, is suitable for most of our users who deploy it on a home network or small enterprise network (typically a /24 network) with link speed <= 100 Mbit. This does NOT mean that ntopng cannot operate on faster/larger networks, but that it cannot be used without any configuration. The first thing to modify are the -x/-X settings. You need to set them to double the max size you expect on your network. Example if you expect to have (including both local and remote hosts) at most …
ntopng

Announcing ntopng 2.4: Efficiency is Beauty
At ntop we are on a mission to develop enterprise-grade networking software, mostly open-source, and free of charge for no-profit/research organizations. Since our inception, we have been passionately and resiliently developing software to allow our users to monitor, protect, and preserve their network infrastructure. And we have been doing this in a relentless pursuit for the best and most efficient solution. We know that in the big-data era it is becoming increasingly easy to “add an extra appliance” — after all, it’s not that expensive — but this is not at the heart of our …
nProbe

Introducing nProbe Cento: a 1/10/40/100 Gbit NetFlow/IPFIX Probe, Traffic Classifier, and Packet Shunter
Traditionally ntop has focused on passive traffic analysis. However we have realized that the traffic monitoring world has changed and looking at network flows is no longer enough: People want to enforce policies: if the network is hit by a security threat you need to stop it, without having to tweak with router ACLs or deploying yet another box to carry on this task. Combine visibility with security: flow-based analysis has to be combined with traffic introspection, activities that tools like Bro, Suricata and Snort do. Unfortunately these applications are CPU-bound so, in order to boost …
nProbe

Introducing nProbe 7.4
This to announce the release of nProbe 7.4. We have worked hard in this version to improve it in several way by better integrating it with ntopng, improving network performance metrics computation, ability to export data to big-data systems, make VoIP quality metrics more reliable. However the bigger innovation in this release is the probe scriptability using Lua (see the nProbe User’s Guide for all details). You can now perform actions on flows (e.g. if you see a DNS query for host www.ntop.org then execute action X) and start moving …
Guides

Tweaking MySQL to Improve ntopng Flows Storage Space Usage
Edit: MySQL tables engine has been migrated to MyISAM in ntopng 2.4 so this post only applies for versions <= 2.3. This is the first post that tries to give hints on how to tweak MySQL settings to better accomodate flows exported by ntopng. In particular, in this post it is discussed how to improve disk space usage. Hopefully, a series of posts with tips and tricks on how to improve responsiveness and reduce query time will be published in the future. ntopng  MySQL flow export can be enabled using …
n2disk

n2disk 2.6 Just Released
This is to announce the release of n2disk 2.6. In this release we have made many changes to the indexing system adding a new flow-based index that should improve packet retrieval as well pave the way to flow+packet+l7 inspection+index integration that will be completed with the next nProbe cento release that will happen later this month. This will enable you to find packets based on l7 protocol: example you can do “host 192.168.1.3 and l7proto WhatsApp”. Stay tuned for the cento release. Finally we would like to ask the community if …
PF_RING

PF_RING 6.4 Just Released
This is to announce the release of PF_RING 6.4 that contains various improvements, new network adapters supported in ZC mode (including Intel 100 Gbit), and bug fixes. Developers can access the documentation for the PF_RING 6.4 API in Doxygen format. Changelog PF_RING Library Improved Myricom support, new naming scheme to improve usability Improved Napatech support, 100G support Improved Accolade support New Invea-Tech support New API pfring_get_metadata to read ZC metadata New pfring_get_interface_speed API New API pfring_version_noring() C++ wrapper improvements Removed DNA legacy ZC Library New API pfring_zc_set_device_proc_stats to write /proc stats …
n2disk

How to Build a 2×10 Gbit Packet Recorder using n2disk and PF_RING (2016 Update)
Earlier in 2014 we advised how to build a continuous packet recorder using n2disk and PF_RING. Since that time computing architectures have progressed, we have added support for new ethernet controllers, and so it’s now time to refresh that post for all those willing to build a box themselves. The specs below are for 2 x 10 Gbit; for 1 x 10G you can use half of the components in most cases. CPU: we advise an Intel E5 with at least 3 GHz and 8 cores for all options (indexing and …
nDPI

Released nDPI 1.8
This is to announce the release of nDPI 1.8. In this version we have updated many protocol dissectors, simplified the API as well started to introduce changes that will be further improved in future versions. As usual we have changed many protocols dissectors. The whole changelog can be found below. Many thanks to all contributors! Changelog Recoded DNS and QUIC dissectors Code passed checks of static code analysers Added API wrappers (to be used in apps using nDPI) for substring-search ndpi_init_automa() ndpi_free_automa() ndpi_add_string_to_automa() ndpi_finalize_automa() ndpi_match_string() set_ndpi_malloc() set_ndpi_free() Added new ndpi_detection_giveup() …
News

Learn more about ntopng at RIPE72
This week we will attend the RIPE 72 meeting in Copenhagen, DK. Thanks to Martin Winter (co-founder of NetDEF) we will  speak about ntopng at two events on Thursday, May 26th: At 11AM we will introduce ntopng at the Open Source Working Group. At 3PM in room “Akvariet 2” we will run a two hours tutorial about ntopng and current/future ongoing developments we are carrying on. These events would be a good time for learning more about our tools, and for discussing extensions, future work items, issues you would like …
Guides

How to Analyse MikroTik Traffic Using ntopng
MikroTik routers are pretty popular in particular in the wireless community and many users of the original ntop are familiar with it. With the advent of ntopng, we have decided to avoid natively supporting netflow in ntopng due to the many “dialects” a of the protocol and leave to nProbe the task to do the conversion of flows onto something ntopng can understand. For this reason the workflow is the one depicted below: The first thing to do is to configure NetFlow (both v5 and v9 are used) on the MikroTik that cane …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe