ntop

Do you want to work for ntop?

As ntop software is increasing in popularity, we need help supporting our users and working on new developments. Therefore we are looking for someone to join our development team, help us, and assist the user community. Job Description: We are looking for a candidate located in Italy or in a similar time zone (CET) willing to work remotely or (better) at our main location in Pisa. We offer semi-flexible working hours with a set of time to be allocated every day Mon-Fri during standard working hours (9 AM …
PF_RING

PF_RING Deep Dive: Interview with Ivan Pepelnjak

In late March, Ivan Pepelnjak interviewed me on Software Gone Wild about ntop and ntopng, and in a second interview about PF_RING. The main topics of the second interview were: What is the difference between PF_RING and the Linux built-in packet capturing module? How can you process over 10 million packets per second per CPU core? Do you need special device drivers for PF_RING or can you use the standard Linux NIC drivers? How does a packet processing application interact with the PF_RING library? How do you spread packets across multiple cores, multiple …
PF_RING

PF_RING 6.0.3 Just Released

Today we have released PF_RING 6.0.3, a maintenance release that includes many fixes and small changes. The release changelog is listed below. PF_RING Library: New pfring_open() flag PF_RING_USERSPACE_BPF to force userspace BPF instead of in-kernel BPF with standard drivers; New API pfring_get_card_settings() to read max packet length and NIC rx/tx ring size; New Napatech support; Support for up to 64 channels with standard drivers, pfring_set_channel_mask() has a 64bit channel mask parameter now; Reworked IPv6 parsing; Configure parameter --disable-numa to remove libnuma dependency; ARM fixes; Minor bpf memory leak fix. ZC …
ntop

ntopng Deep Dive: Interview with Ivan Pepelnjak

Last month Ivan Pepelnjak interviewed me on Software Gone Wild about ntop and ntopng. The main topics of the interview were: How it all started and why did Luca decide to start the ntop (and PF_RING) project? What is ntopng (next-generation ntop) and why did they rewrite the product? What are nprobe and nbox? The distributed architecture of ntopng, including probes, data sources, collectors, and the central analyzing engine; Combining ntop and Elasticsearch; Why does it make sense to convert all data into JSON format? What are the problems of …
ntopng

Using ntopng (pre) 2.0 on a Ubiquiti EdgeRouter

NOTE: due to limited resources, we have decided to discontinue ntopng on the Ubiquiti. Please see this article for more updated information. As the release of ntopng 2.0 is around the corner (we are fixing the last bugs, polishing the GUI and writing some documentation), we want to show how to turn a cheap device such as the Ubiquiti EdgeRouter into a traffic monitor and layer-7 policy enforcer as depicted below. NOTE: if you bridge traffic using ntopng, please make sure you do not create loops. A typical mistake is to …
ntopng

Moving towards ntopng 2.0

As you know, our plan is to release ntopng 2.0 later this spring. While we are still coding the last missing features, we have started packaging the tool so that you can start testing it. We have decided to create two versions of ntopng: Community edition: free open-source version that you can use at no cost. Professional version: fee-based version that includes features useful in companies. Of course this version will be free of charge for education and universities, as with all other ntop commercial products. There will also be …
nDPI

How to Enforce Layer-7 Traffic Policies Using ntopng

ntopng has traditionally been used to passively monitor network traffic. However, just as years ago IDS (Intrusion Detection System) became mature products and eventually became IPS (Intrusion Prevention System), it was time to add inline traffic capabilities to ntopng. This post gives you a sneak preview of this new feature (still under development) that will be included in the upcoming ntopng release. The idea is to combine network traffic monitoring with traffic enforcement so that you can use ntopng not just for monitoring your users (or your children if you are …
News

Come to see the new ntopng at CeBIT 2015

As you might have noticed, we are busy working on ntopng. We will soon publish a blog post where we summarise the current activities and what is still missing before the next version of ntopng is released. However, while communicating through the Internet is a convenient way to reach the ntop community, we still believe that a physical meeting is also desirable. For this reason we thank our long-time partner Wuerth-Phoenix for hosting us at CeBIT Open Source Park where we can demonstrate the new ntopng at work …
Announce

ntop 2015 Roadmap

Like every year, we have made a short-term plan for the first half of 2015. As we are a research-oriented company, we plan to tackle open issues or provide better answers to existing ones. This is our short list of activities we are carrying on: 40 Gbit: We are in the process of supporting the new Intel X710 and XL710 network adapters. They are able to operate at 10 and 40 Gbit (1 x 40 Gbit or 4 x 10 Gbit). The PF_RING ZC drivers are under development and on the PF_RING SVN …
ntopng

Using ntop Applications with Docker and OpenStack

In order to ease the deployment of our applications, in addition to source code distribution, we have released binary packages (x64 and ARM) for CentOS/RedHat and Ubuntu/Debian. For PF_RING, which must be compiled against the installed kernel version, we have moved to DKMS so that you are no longer required to use the same kernel version we use for packaging it. However the current trend is going towards virtualised environments (not just VMs such as VMware) and IaaS (Infrastructure as a Service) and thus we need to support them. Docker …
PF_RING

Accelerating Snort, Bro and Suricata with PF_RING ZC

Over the past few months we have spent quite some time accelerating popular open-source IDS/IPS with PF_RING ZC. The result is that you now have the option to select your favourite security product as we support all, at no cost, using PF_RING ZC in both IDS and IPS mode. From our benchmarks we have seen that the acceleration with respect to vanilla Linux AF_PACKET is good even using standard (non ZC) PF_RING. We will provide some test results in the near future, but in the meantime we invite you …
n2disk

Building a (Cheap) 2×10 Gbit (Continuous) Packet Recorder using n2disk and PF_RING

Continuous packet recorders are devices that capture network traffic and save it to disk. The term continuous means that this activity is performed “continuously” for as long as the device is active and not just for a few minutes. At ntop we have developed two companion applications to be used on a packet recorder: n2disk is a software application that captures network traffic at line rate (multi 10 Gbit) and dumps it to disk in pcap format. During packet capture, n2disk can also: Create a pcap index to be used for searching specific packets …