Announce

You’re invited to the ntop Meetup at Flocon 2016

Topic: ntop Meetup – Affordable High-Speed Sensors Everywhere
Abstract: Come and meet Luca Deri, members of the ntop team, and fellow “ntop stack” users and partners as we talk about making instrumentation of the entire infrastructure possible with sensor prices at cost points not before considered possible! Luca and his team are also looking for your input and feedback for their 2016 roadmap!
When: 5:30-7:00 p.m., Wednesday, January 13th
Location: Flocon 2016 Conference, Coquina Ballroom A
Refreshments provided courtesy of Kentik Technologies
Meetup Presentation Slides
Agenda: 1) Luca Deri: ntop Roadmap/Discussion (30 …
Announce

ntop 2016 Roadmap

2015 has been a year full of activities that allowed us to consolidate our tools and thus provide a better service to the community. In 2016 the plan is the following:
100 Gbit
As in 2015 we have added support for 40 Gbit in PF_RING, 2016 will be the year of 100 Gbit. We already support the Accolade and Napatech 100 Gbit NICs in PF_RING, but the plan is to make 100 Gbit commodity, and thus as soon as the new Intel Red Rock Canyon adapters are available (we expect …
Guides

Ntopng Integration with Nagios

Discontinuation Notice
This post becomes obsolete effective with ntopng 4.1+. Full discontinuation notice available here.
This tutorial shows how to properly configure nagios and ntopng (Professional) in order to send asynchronous ntopng-generated alerts to nagios.
Prerequisites
It is assumed that the following software is already installed and properly configured:
nagios daemon
nagios NSCA (Nagios Service Check Acceptor) daemon
ntopng Professional
Please see the Resources section at the bottom of this page for useful links and guides on how to set up nagios and NSCA daemons.
Tutorial Set-Up
This tutorial uses two hosts connected to …
ntopng

ntopng 2.2 Just Released

After over 6 months of work, we’re pleased to announce the release of ntopng 2.2 (as already discussed, even numbers identify stable releases whereas odd numbers identify development versions). The goal of this release has been to consolidate the existing work, fix issues reported by users, improve the reports we introduced in 2.0 and pave the way for the next development iteration, where we plan to add new features (we’ll present the roadmap in the next few weeks). The main new feature of this release is the introduction of traffic …
PF_RING

Introducing PF_RING 6.2

This is to announce the release of PF_RING 6.2, which has several improvements with respect to the previous version. As previously announced, we have extended support for non-Intel devices in PF_RING to provide you the best experience supporting many new devices (and a few more will come in the following months). We have specialised PF_RING for FPGA-based adapters, and added support for 100 Gbit adapters such as those manufactured by Accolade Technology and Napatech. As you might have noticed, we have moved release versioning to odd/even numbers. An even minor version …
PF_RING

Using (Suricata over) PF_RING for NIC-Independent Acceleration

In the past few years we have tried to open PF_RING in an attempt to turn it into the “new pcap” API for packet processing. Recently we have added native support for speedy FPGA-based NICs and thus created a single API for efficient NIC-independent packet processing. If you are interested in hearing more about this subject, you can have a look at the slides or watch the video of our presentation, held in Barcelona at the Suricata Conference 2015. Enjoy! …
PF_RING

PF_RING now supports Accolade, Myricom, Napatech at 10/40/100 Gbit (and commodity NICs)

For years we have optimised PF_RING to support multi-10 Gbit/40 Gbit operations in zero-copy at line rate using ZC. Our users know that using PF_RING they can operate at line rate in RX+TX, balance packets across processes, drop/prioritise traffic, etc. After a few years in which commodity NICs (mostly Intel) combined with PF_RING have reached basically the same performance as FPGA-based adapters, the rush towards 100 Gbit has revived interest in non-commodity NICs. Due to this, you can now find on the market FPGA-based network adapters from companies such as …
ntopng

Exploring Historical Data Using ntopng

In the original ntopng it was possible to navigate historical information using a so-called “Historical Interface”. This interface was a logical network interface able to read flow data from a SQLite archive and present them on the web interface. This approach had various limitations when it was used to navigate data over a long-term window, as all flows had to be restored in memory before visualising them, a process that can take a lot of memory and time when data cardinality increases. In the ntopng 2.1 development version, we have …
nProbe

Yes, There’s Life After NetFlow

At ntop we’ve been playing with NetFlow/IPFIX for more than 10 years and have been part of its standardisation. While we acknowledge that the concept of a flow (a set of packets with common properties such as the same IP/port/protocol/VLAN) is still modern, the NetFlow format is now becoming legacy, as we have already discussed some time ago. Modern data crunchers such as those belonging to the big data movement or emerging data storage systems (e.g. Solr or ELK) are based on the concept that information has to be defined in an open format (usually …
Announce

Released nDPI 1.7

This is to announce the release of nDPI 1.7. In addition to many new/updated dissectors, the main change of this release is the ability to identify subprotocols. For instance, a DNS request for Facebook is now identified as DNS.Facebook (previously only Facebook). This is a great addition for apps that used nDPI to block protocols and that failed due to lack of subprotocol support. We have also revised the core library code so that plugin initialisation is now stored in the plugin itself, making the library core shorter and more readable. …
nDPI

Using ntopng to Implement a WiFi Access Point with Layer 7 Traffic Enforcement

This post will teach you how to create a cheap WiFi access point able to enforce layer-7 application protocols. In order to do this you can use a cheap RaspberryPi or BeagleBoard with a USB WiFi stick, or use an x86 PC.
The USB stick we use is the following
# lsusb
Bus 002 Device 003: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
and once plugged into a USB port it is immediately recognised by Linux (in this post we use Ubuntu Linux but other distros will …