ntopng

Moving Towards ntopng 1.1
It has been a busy summer here at ntop. Since the initial ntopng 1.0 release, we have tried to fill the gap in terms of missing with respect to the original ntop. This post is to update you about the new features of the upcoming 1.1 release schedule for this fall and that are currently available in the SVN development tree: Ability to support multi-interfaces. This means that you can repeat on the command line “-i <interface>” multiple times, one per interface you want to add. Use of HTTP sessions …
nProbe

Tracking and Troubleshooting Mobile Phone Users (IMSI) using the MicroCloud
The microcloud is one of the fields where s used extensively by mobile network operators. The reasons are manyfold: Data aggregation facilities offered in realtime by the microcloud. Realtime user-to-tunnel mapping. User traffic-to-user correlation. Unfortunately when a mobile network is populated by million of active users (IMSI), troubleshooting a problem can be a problem. Tools such as wireshark that are used on fixed networks do not work because: The network is distributed, so there is not single sniffing point, but rather it is necessary to deploy our tools across the …
ntopng

ntop is back: ntopng 1.0 just released
After 15 years since the introduction of the original ntop, it was time to start over with a new, modern ntop. We called it ntopng, ntop next generation. The goal of this new application are manyfold: Released under GNU GPL3. Feature a modern, HTML5 and Ajax-based dynamic web interface (caveat: you need a modern browser to use ntopng). Small application engine, memory wise and crash proof. Ability to identify application protocols via nDPI, ntop’s open-source DPI (Deep Packet Inspection) framework. User’s ability to script, extend, and modify ntopng pages coding …
nDPI

Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification
From time to time we receive emails form people asking how nDPI compares with other similar toolkits. Licio Marchetti has shared this report Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification written by the Universitat Politècnica de Catalunya that says: “the best accuracy we obtained from NDPI (91 points), PACE (82 points), UPC MLA (79 points), and Libprotoident (78 points)”. So nDPI looks in good shape 🙂 This said, last week we have improved quite bit the Bittorrent and Skype dissectors and we have create a small test tool that demonstrate …
PF_RING

PF_RING 5.6.0 Released
This is to announce the release of PF_RING 5.6.0. We recommend all users to install this release as we have fixed a couple of critical bugs. Changelog: PF_RING Kernel module Fixed bug that prevented the PF_RING cluster to work properly with specific traffic Documentation User’s guide translated to russian (courtesy of ridervka@yandex.ru) Libzero Fixed bug that caused the DNA bouncer to process the correct packet Examples pfwrite Added support for the microcloud so that for GTP traffic it is possible to dump traffic of specific IMSI phone Added support for …
PF_RING

PF_RING 5.5.3 Released
Today we have released a new maintenance version of PF_RING. We suggest all users to update if possible. PF_RING Kernel module – Support for injecting packets to the stack – Added ability to balance tunneled/fragmented packets with the cluster – Improved init.d script – Packet len fix with GSO enabled, caplen fix with multiple clusters – Bug fixes for race condition with rss rehash, memory corruption, transparent mode and tx capture, kernels >= 3.7. Drivers – Added PF_RING-aware driver for Chelsio cards (cxgb3-2.0.0.1) – New release for PF_RING-aware igb (igb-4.1.2) …
ntop

It’s time for a completely new ntop. Say hello to ntopng.
15 years are past since the first version of ntop. In 1998 network monitoring requirements were very different from today: few protocols (mostly in plain text) to monitor, IP was not yet “the only protocol”, low network speed, very few connected hosts, no iPhones yet, raspberry was still a fruit, Linux was still for geeks. In 2013 the whole picture is very different. One gigabit links are now commodity (10 Gbit is around the corner), (too?) many hosts interconnected and mobile, application protocols (e.g. Spotify or Skype) are “the” protocols …
PF_RING

Who (Really) Needs Sub-microsecond Packet Timestamps?
Introduction For years network adapter manufacturer companies have educated their customers that network monitoring applications can’t live without hardware packet timestamps (i.e. the ability for the network adapter to report to the driver the time a given packet was sent or received). State of the art FPGA-based network adapters [1, 2, 3] have hardware timestamps with a resolution of +/- ~10 nsec and accuracy of +/- ~50 nsec so that monitoring applications can safely assume an accuracy of  100 nsec in measurements, for sub-usec measurements. Commodity adapters such as Intel 1 …
n2disk

Learning The ntop World of Apps
The main criticism to ntop is the lack of documentation. This is because we have to maintain many projects, have little time, and also because we prefer coding to documentation. We decided to fill this gap and give a positive answer to your requests: We have created the nBox GUI to enable you to use all our applications without the pain of compiling and configuring them. This is a free product that everyone can use to build their own measurement gear or just to start ntop using a web browser. …
n2disk

How to build yourself a nBox Probe and Packet Recorder
If you need a network probe or a packet recorder you have two options. Grab a turn-key nBox or built it yourself using our software. In the first case you will receive a optimised system, with the right motherboard/CPU/NIC for your monitoring tasks and all software preinstalled/configured. However if you want to build yourself your nBox (e.g. you can reuse an old/spare server or get a new one if you plan to address 10 Gbit monitoring) you can now do it. Below we will describe how to build it step by …
nDPI

Configuring nDPI for Custom Protocol Detection
The first release of nDPI was basically a refresh of the OpenDPI library on which nDPI is built. Over the past few months we have made many changes including: Port to various platforms including Linux, MacOSX, Windows and FreeBSD. Enhancement of the demo pcapReader application both in terms of speed/features and encapsulations supported (for instance you can now analyse GTP-tunneled traffic). Ability to compile nDPI for the Linux kernel so that you can use it for developing efficient kernel-based modules. Various speed enhancements so that nDPI is now faster than …
n2disk

Filtering n2disk-captured Packets and Replaying them at 10 Gbit using the nBox
The nBox is not just a no-cost web GUI for ntop products, but it’s a totally new experience for dealing with pcap files. n2disk is able to index packets while capturing and then filter captured packets. Once you have filtered your favourite packets (based on a BPF filter and a time span) you can then download them to your PC or reproduce them at line rate (or at any speed you like). Even BPF filters are simplified with the nBox thanks to the ability to drag and drop filtering expressions …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe