PF_RING

Released PF_RING 8.8.0: Flow Table Offload and nVidia BlueField Support
This is to announce a new PF_RING release 8.8.0! This release adds generic support for flow table offload, which is currently supported on Napatech adapters with Flow Manager enabled. This new technology has been successfully used to accelerate nProbe Cento when running with DPI enabled on multi 100 Gbit traffic (both passive and inline) and the work has been presented at IEEE HPSR (IEEE International Conference on High Performance Switching and Routing). This also adds support for zero-copy transmission on Napatech adapters, to reduce bandwidth utilisation and latency when forwarding …
nDPI

Released nDPI 4.10: 421 Protocols, 55 Flow Risks, Several Improvements, Getting Ready for FPC
This is to announce the release of nDPI 4.10. This release adds many improvements and new detected protocols. For this reason future releases will be scheduled more often on a 4 or 6 months (hard) basis in order to provide you constant updates on a predictable timeframe, Beside adding many dissectors, this release paves the way towards First Packet Classification (FPC) that is an attempt (for selected protocols) to detect the application protocol DPI at the first packet of a connection. Of course this is a challenge, and it won’t …
nDPI

Positioning ntopng vs nProbe for Traffic Analysis
Recently we have compared the use of nDPI in a realtime application (ntopng) and a near-realtime (nProbe). We have captured a short pcap with some mixed traffic and analysed it with both applications. The expectation was to find comparable results between the two applications, but this happened only partially. This blog posts explains the main differences between the two tools and why there are some discrepancies in results. In our tests, we have configured both nProbe and ntopng to analyze the same pcap and write results on two different ClickHouse …
ntopng

HowTo Extend ntopng with new Host/Flow Checks and Alerts
ntopng can be easily extended with new host/flow checks and alerts. They are developed in C++ with a few Lua files used by the UI to configure the check and format the emitted alerts. In order to introduce you to thir development, we have written a short guide that shows you step-by-step how to develop a simple check and alert. If you want you can see a code example of host check that rtiggers an alert when a server contacted a new port after a learning period. If you have …
ntopng

HowTo Export ntopng Alarms to Checkmk Event Console
Checkmk is a popular platform for monitoring IT infrastructure. ntopng has been integrated in Checkmk some time ago, enabling users to provide traffic visibility in additional to classic bytes/packets metrics. As ntopng is able to produce traffic alerts that, we have decided to extend ntopng in order to export alert information towards Checkmk event console where alerts are received.This guide will walk you through configuring ntopng and Checkmk to enable this functionality. In order to do so, within ntopng, it’s necessary to configure a new Endpoints as well as a …
cento

Advancements in Traffic Processing Using Programmable Hardware Flow Offload
This week we have presented at the IEEE HPSR (IEEE International Conference on High Performance Switching and Routing) our latest work that shows how nProbe can benefit of acceleration provided by modern SmartNICs to achieving multi-100 Gbit traffic processing (both passive and inline) on low-end servers while deep-packet inspecting traffic using nDPI. If you want to know more about it, you can view the presentation slides, or read thw paper. Your feedback is welcome. Enjoy ! …
ntopng

Extended Multilanguage Support in ntopng: Korean, Spanish and French
This is to announce that ntopng now enables users to use a new languages: Korean, Spanish and French.  We have also improved translations of German and Italian. The translation is done using an automatic tool so, we cannot guarantee that the translation is completely correct. Error or typos are accepted as a GitHub issue: please open a ticket if you find problems. To change language click on the top right icon in ntopng and enter in the admin page A popup will open, select language and a list of available …
ntop

ntop and Endian Enter Partnership for Open Source OT Monitoring
ntop develops monitoring tools for IT and OT networks, whereas Endian is a leading Italian company that develops a Secure Digital Platform for OT networks. Both companies use and develop open source tools that can be a key value in OT networks where most tools are proprietary. This partnership allows both companies to complement each other and offer better tools for their user community. The complete announcement can be found at this page. Enjoy ! …
ntop

You’re Invited to the ntop Community Call: Thu July 18th, 15:00 CET, 9:00 AM EST
This is to invite you to the next ntop community call that is scheduled for Thu July 18th, 15:00 CET, 9:00 AM EST. The topics we would like to discuss with our community include Planning for the next ntop Conference 2024/25: decide conference location, contents, format and details. Discuss about other potential community meeting (either in person or virtual) Preview of the upcoming stable released scheduled for late July. Feedback and Q&A This event does not require registration and you can simply add it to your calendar using this link …
n2disk

Howto Build a (Cheaper) 100 Gbit Continuous Packet Recorder using Commodity Hardware
Those who follow this blog probably read a few posts where we described how to build a 100 Gbit continuous packet recorder using n2disk and PF_RING, providing specs for recommended hardware and sample configurations (if you missed them, read part 1, part 2 and part 3). In those posts we recommended the use of FPGA-based adapters (e.g. Napatech) with support for PCAP chunk mode (e.g. ability for the NIC to collapse packets onside the adapter in pcap format without the need to read packet-by-packet as with most network adapters), in addition …
ntop

InfluxDB v2 support in ntopng is Now (partially) Available
It’s been 3 years since InfluxDB v.2 was released and until a couple of months ago we didn’t plan to add the support to the InfluxDB v.2 due to many reasons: migration from SQL to Flux query language, v2 performance not better than v1. The in the meantime InfluxData release InfluxDB v3 that is currently only supported on their cloud and not yet packaged as on-prem product. However due to the more pressing requests and suggestions from our customers we finally decided to add the support as follows: as InfluxDB …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe