ntopng

HowTo Use Host Policy to Detect Misbehaving Hosts
ntopng has several ways to spot unusual traffic patterns, like: Checking if a device is behaving strangely. Sending alerts when a threshold is reached. Looking for changes in traffic metrics (like how much traffic is coming from a particular host). Seeing if host services change. To make these checks even better, ntopng added a new flow behavioral check called “Host Policy.” The idea is simple: there are some special devices on a network, like routers, switches, printers, and other non-general-purpose devices, that shouldn’t send traffic to the Internet. Except for …
Announce

Introducing the New Infrastructure Dashboard in ntopng
For this reason, some time ago we introduced the Infrastructure Monitoring in ntopng, as described in a previous blog post, which is the ability to use ntopng to monitor other ntopng instances, by means of its Active Monitoring capabilities. This infrastructure monitoring feature allows users to gain real-time insights into the status of their ntopng instances, as well as monitor the network interconnecting them. Now, we are excited to introduce a further extension to the Infrastructure Monitoring in ntopng, the new Infrastructure Dashboard. This enhancement enables users to efficiently oversee multiple …
nDPI

When Traffic Obfuscation Falls Short: nDPI vs NordWhisper NordVPN
In recent years, numerous virtual private networks (VPNs) have been introduced to the market. Some of these VPNs are standalone applications, while others are integrated into web browsers or other network applications. All of these VPNs promise users a private browsing experience by preventing users from being tracked and observed, particularly on public hotspots. Popular countermeasures detect these VPNs (often based on WireGuard or OpenVPN) and prevent their use to circumvent network policies. To enhance the detection and blocking of VPNs, companies have implemented various traffic obfuscation techniques to render …
ntopng

9 Reasons You Should Use Ntopng on Your Raspberry Pi
This XDA article has published an interesting article about ntopng on rPI. In particular: Learn and experiment with networking It’s a low-power solution It integrates with other network tools (e.g. Zabbix or Nagios) Optimize your home network traffic Analyze historical network data Manage bandwidth and QoS settings Capture and analyze network packets (via nDPI) Detect unauthorized devices and threats Check network activity from anywhere Do you agree? Enjoy ! …
ntopng

Using ntopng as Generic Flow Collector (log files, firewall events, MQTT…)
Most users of our community use ntopng as flow (sFlow/NetFlow/IPFIX) collector with ntop tools such as nProbe or nProbe Cento. From time to time we receive inquiries about using it as generic flow collector for instance reading connection information from the firewall, log files/syslog, MQTT, or cloud formats. This blog post shows you howto do that, ntopng can collect information via ZMQ, so the simplest mechanism is to export data on top of this protocol. ntopng accepts two formats implemented by the nDPI serialization library: binary TLV (all versions) JSON …
ntop

Using ntopng for Teaching Network Monitoring and Administration
ntop believes in education, research, and no-profit and for this reason ntop tools have been them offered free of charge. Today we’re pleased to hear how they have helped young students to monitor and administer networks. Enjoy !     Introduction When teaching network monitoring and administration at the University of Applied Sciences in Fribourg (Switzerland), it is essential to provide tools to our bachelor students in computer science that enable them to observe and analyze traffic in real time. ntopng, an open-source network monitoring solution, is an appropriate choice for …
Announce

Short 2025 Roadmap: QoE, AI in Traffic Classification, Distributed Architecture, SuperNICs
As usual, we’re sharing some details about our 2025 roadmap. We have discusses several working items and distilled a few we can pursue in the coming months. QoE (Quality of Experience) In the past few years we have focused on Cybersecurity and now we want to extend our measurements into a new dimension: quality. ntop tools monitor various metrics such as RTT, latency, jitter.. and now we want to combine them with DPI to creare a quality score that will report how good (from the user experience standpoint) the traffic …
Uncategorized

Meet the ntop Team at FOSDEM, Brussels Feb 1-2
As we did in the past, this year we’re organizing the network devroom at FOSDEM that will take place in Brussels next week-end Sat and Sun February 1-2. Most of ntop team will be there and it will be a great to meet our community. This time we will be talking about nDPI and smart NICs. Furthermore it is a pleasure to also host two invited speakers of popular open source projects: Victor Julien the creator of Suricata IDS Gerald Combs the creator of Wireshark Looking forward meeting you at …
Announce

Introducing ntopng Policy Menu
In the past months we have extended our behaviour analysis introducing new features such as the ACL or device policies. For this reason we have rearranged the menus and create a new Policy menu (you can read more here) that contains all the configurations used by ntopng to trigger alerts. Sue to this, some pages have been moved and changed location. Below you can find the list of the moved pages and how to access them now: Server Ports (Previously, Server Ports Analysis): Previously in the Host entry, moved to …
Announce

You’re Invited to PacketFest ’25, Zürich 7-9 May: Where ntop and Wireshark Communities Meet
PacketFest ’25 is a two-day (May 8th and 9th) technical conference in Zurich, Switzerland, bringing together the ntop and Wireshark communities. The event features presentations and workshops on network traffic monitoring, cybersecurity, and open-source technologies, with a focus on practical applications and the latest advancements in ntop and Wireshark tools. Attendees can expect interactive sessions, networking opportunities, and expert insights including the creators of ntop and Wireshark. A pre-conference (May 7th) ntop training day is also offered. Registration fees apply, but students and non-profits can attend free of charge. Registration …
n2disk

Introducing n2disk 3.8: NVIDIA Support, Smart Recording, Traffic Deduplication
We’re excited to announce a new stable release of n2disk v. 3.8. This release is bringing significant new capabilities to the network monitoring and recording landscape, and it is packed with features that enhance both functionalities and performance. Here’s a closer look at the highlights of this release: New Smart Recording support to intelligently manage and optimize storage usage. Multithreaded Packet Capture to take advantage of  RSS (Receive Side Scaling) capabilities on NVIDIA/Mellanox ConnectX adapters. In fact on those adapters it is not possible to scale the performance by spawning …
nScrub

Introducing nScrub 1.6: Broader Support, More Offloads, Improved Algorithms
We are excited to announce this new release of nScrub, 1.6, packed with new features, expanded hardware support, and key enhancements to strengthen network defense capabilities. This release adds native support for NVIDIA/Mellanox ConnectX adapters, and extends support for Napatech adapters by enabling the TX offload support, which optimizes packet transmission performance and reduces CPU overhead. We also implemented native support for DPDK, making nScrub open to deployments where the users are widely using this SDK. We’ve also improved the detection and scrubbing algorithms, including additional checks on TCP packet …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe