ntopng

Introducing ntopng Hosts Activity Monitor

Many users asked us for a simple way to visualise host activity over time, in essence the ability to answer questions like: Which hosts were active during the weekend? When is a host using most of the network? Which hosts were active when a certain event happened? This is what the hosts activity monitor does. In the dev branch, ntopng has been enhanced with a new menu entry under the hosts page that shows the activity of local hosts in a heatmap. From the menubar it is possible to specify an arbitrary …
nProbe

How To Implement Packet and Flow Deduplication

Depending on the network topology and configuration, your monitoring tools can receive the same traffic multiple times. This problem is called data duplication. Duplication can happen at packet or flow level. Packet duplication: the same packet is received multiple times (usually twice), either one after the other or within a short amount of time. Note that this has nothing to do with TCP data retransmission, which is a totally different scenario. Flow duplication: two or more flow devices observe the same traffic and emit the same flow at the same time. …
Announce

Introducing Centralized License Manager for Dynamic Environments

We continually strive to make software configuration and management more flexible and easier for users. To this end, we are excited to announce the launch of a new software licensing feature: the centralised License Manager (LM). This tool simplifies software license management by dynamically allocating licenses to various application instances running within your network. The LM is another option you can use in addition to the “traditional” systemId-based licenses that we use today. What is the centralised License Manager? Managing software licenses across multiple instances within …
Cybersecurity

Can ntopng be considered an IDS (Intrusion Detection System)?

ntopng is not typically classified as an Intrusion Detection System (IDS) in the traditional sense, but it does have some features that overlap with IDS functionalities. Let me explain the differences and how ntopng might serve a similar role: What is ntopng? ntopng is an open-source network traffic monitoring tool that provides visibility into network traffic and performance. It is primarily used for: Network Monitoring: Tracking traffic flows, bandwidth usage, and the behaviour of network devices. Traffic Analysis: Deep Packet Inspection (DPI) based on nDPI to analyse protocols, applications, and …
ntop

Introducing Multilanguage AI/LLM Support (beta)

In order to assist our community with 24/7 support, we have built an AI/LLM-based bot that has been trained on the ntop documentation (all products including ntopng, nProbe, nDPI…) and blog posts on this website. Currently this service is available in beta and is accessible via Discord on our ntop server (read here how to access it). You can ask it questions in plain English/German/Italian/French/Dutch/Spanish…, so we hope that the language barrier will finally be solved. Please send us your comments and in case there is …
nProbe

HowTo Configure Flow Collection in nProbe and ntopng

In flow (sFlow/NetFlow/IPFIX) collection, nProbe acts as a “flow processor” for ntopng. nProbe is responsible for sending flows to ntopng after they have been processed, which includes: Probe mode: nProbe captures network packets that are converted into flows, which are then exported to ntopng. Collection mode: nProbe collects flows produced by a probe such as a router. Flow normalization: the process of converting flows into a format that ntopng can understand. This happens if flow exporter devices (e.g. a router) use custom information elements. In addition nProbe takes care …
ntop

Using ntopng to Improve Corporate Security

Today we report how ntopng has been used by Alabus AG to improve corporate security (German version further down this page). Enjoy! PS. ntop users are very welcome to contact us reporting how they use ntop tools. ntop is used as a basis for analyzing the entire network traffic and it generates a very large number of daily alerts, which are caused by known and unknown anomalies and then it historizes all network flow data for possible later forensics. As an SME, we do not have the necessary resources …
ntop

Call for Presentations for ntopConference 2025 is Now Open

Next year the ntop community will meet in Zürich, Switzerland for a two-day event (training and conference) on May 7 and 8th. As already happened in the past, we want to meet our users and discuss with them what we have done and what future directions to take. This event will not happen without our community, hence we are looking for speakers willing to present interesting use cases, solutions, challenges, report experiences or anything that is relevant for our community. We have selected Zürich as location in …
nDPI

How First Packet Classification (FPC) Works in nDPI

Starting with nDPI 4.10, we have introduced a new feature called First Packet Classification (FPC). The goal of this technique is to address one problem of DPI: a protocol is detected only once traffic has been dissected. This means that for TLS you need a few packets (usually between 5 and 10) for protocol dissection, as nDPI has to wait until TLS handshake packets are exchanged. This can be a problem in particular when DPI is used with inline traffic (e.g. on an IPS) as the decision about the application protocol …
ntop

Announcing ntop Professional Training: October 2024

ntop tools range from packet capture to traffic analysis and processing, and sometimes it is not easy to keep up with product updates as well as master all the tools. This has been the driving force for organising ntop professional training. This is to announce that in October we have scheduled the next ntop Professional Training session. It will take place online (Microsoft Teams) on 15th, 17th, 22nd, 24th, 29th, 31st of October, 2024 at 3.00 PM CET (9.00 AM EDT). Training will be held in English and each session lasts …
ntopng

How Historical Flows Replay Works

ntop users who have enabled ClickHouse know that they can search/aggregate/export historical flows and create customized reports. However, in the past months some of our users were uncomfortable with this approach, as they preferred to seamlessly analyze historical data as live data with the full power of ntopng. In the latest ntopng version we have added a new “play” button shown in the picture below. In order to use this new feature, you need to: Select the time span you are interested in (e.g. the last hour). Optionally you can set …