nDPI – ntop

Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis (was Ripple20)

Posted July 1, 2020 · Add Comment

Earlier last month Ripple20 became popular as it has listed some vulnerabilities found in a custom IP stack used by many IoT devices. Despite the hype on Ripple20, in essence the tool used to fingerprint vulnerable devices sends either malformed … Continue reading →

Howto Identify and Block Telegram-based Botnets

Posted June 10, 2020 · Add Comment

Botnets are a popular way to run malware on a network using the command and control paradigm. Popular protocols used by botnets include IRC and HTTP. Most IDSs can detect bots as long as they can inspect the network traffic. … Continue reading →

Why Traffic Behaviour Analysis is Good (was Encrypting TLS 1.3 Traffic)

Posted May 28, 2020 · Add Comment

In the latest nDPI meetup, we have discussed future directions, including extending the current encrypted traffic analysis features. Currently nDPI supports both fingerprint and behaviour encrypted traffic analysis techniques to provide TLS traffic visibility. At ntop we have never liked … Continue reading →

How Lockdown Changed Corporate Internet Connectivity

Posted May 21, 2020 · Add Comment

Global lockdown has forced many people to work from remote: empty offices, all remote working until the emergency is over. In essence during the lockdown remote workers used very few corporate services via VPN, with relatively light traffic (e.g. … Continue reading →

You’re invited to the future of nDPI: Python, Cybersecurity and Behaviour. May 15th, 4PM CET

Posted May 14, 2020 · Add Comment

Hi all, this is to invite you to an open discussion about nDPI, its future. In particular Python bindings, cybersecurity extensions and behaviour analysis. We will meet at 4PM CET (10AM EST) live on the Internet. For those who have … Continue reading →

Trickbot Malware Analysis Using nDPI and ntopng

Posted May 10, 2020 · Add Comment

Trickbot is a malware distributed via malspam, spam emails containing links for downloading malicious files that infect computers. A pcap file of a trickbot infection named 2019-09-25-Trickbot-gtag-ono19-infection-traffic.pcap can be downloaded at this URL. You can analyse the file using nDPI … Continue reading →

Towards Traffic Behaviour Analysis: Introducing nDPI 3.2

Posted February 20, 2020 · Add Comment

This is to announce the new stable release of nDPI 3.2. The main trend of nDPI is to move from “simple” application protocol detection towards behavioral traffic interpretation. This has been implemented with the integration of modules for detecting attacks … Continue reading →

Effective TLS Fingerprinting Beyond JA3

Posted February 8, 2020 · Add Comment

JA3 is a popular method to fingerprint TLS connections used by many monitoring tools and IDSs. JA3 focuses on encryption options specified during TLS connection setup to fingerprint the encryption library used by the application. Image courtesy of Cisco So … Continue reading →

Encrypted Traffic Analysis: A Primer

Posted January 28, 2020 · Add Comment

Monitoring encrypted traffic is must for providing visibility in modern traffic. Due to this we’ve put a lot of energy in extending nDPI so that it could be useful in this context. DPI (deep packet inspection) however is not enough … Continue reading →

Rethinking Network Flow Visualisation

Posted December 15, 2019 · Add Comment

Traffic monitoring applications often aggregate traffic in flows, that in essence is a way to divide traffic according to a 5-tuple key (Protocol, IP/port source/destination). Flows are then aggregated for instance according to IP address or protocol, and often represented … Continue reading →

Popular
Recent
Comments
Tags

ntopng Deep Dive: Interview with Ivan PepelnjakLast month Ivan Pepelnjak interviewed me on Software Gone Wild [...]
PF_RING 6.0.3 Just ReleasedToday we have released PF_RING 6.0.3 a maintenance release that [...]
Using ntop Applications with Docker and OpenStackIn order to ease the deployment of our applications in [...]
Introducing n2disk 3.0This is to announce n2disk 3.0 that is more than [...]

Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis (was Ripple20)Earlier last month Ripple20 became popular as it has listed [...]
Howto Build a 100 Gbit (Drop-Free) Continuous Packet Recorder using n2disk [Part 3]In the first post of this series (part 1) we described how [...]
Howto Identify and Block Telegram-based BotnetsBotnets are a popular way to run malware on a [...]
ntop Tools TaxonomyAs sometime people is confused about the various options ntopng [...]

Browse By Date
Browse By Date
Browse By Categories
- Announce (43)
- cento (5)
- Components (1)
- Features (2)
- Guides (10)
- libebpfflow (1)
- n2disk (19)
- n2n (6)
- nbox (7)
- nDPI (36)
- nEdge (6)
- News (9)
- nProbe (76)
- nScrub (2)
- ntop (80)
- ntopng (101)
- PF_RING (86)
- snort (3)
- TNAPI (11)
- tutorials (13)
- vPF_RING (3)
- ZC (29)