nDPI – ntop

Combining nDPI and Wireshark for Cybersecurity Traffic Analysis

Posted April 26, 2021 · Add Comment

At the upcoming Sharkfest Europe 2021 we’ll talk about using Wireshark in cybersecurity. Part of the talk will focus on nDPI and Wireshark integration. Since the last release nDPI features flow risk analysis, that is basically a numerical indication of … Continue reading →

Join FOSDEM 2021 ntop sessions, Sat-Sun Feb 6-7th (online)

Posted February 3, 2021 · Add Comment

We are proud to announce that a couple of talks have been accepted at FOSDEM 2021, one of the most important FOSS conferences in the world that this yar will take place online due to the pandemic. In the Network … Continue reading →

Efficiently Detecting and Blocking SunBurst Malware

Posted December 18, 2020 · Add Comment

Earlier this month a new highly evasive malware attacker named SunBurst has been disclosed. Immediately some countermeasures have been disclosed and in particular some Snort/Suricata rules have been published. We have analysed the rules trying to figure out if ntop … Continue reading →

Released nDPI 3.4: increased detection speed, statistical analysis, fuzzing, cybersecurity

Posted October 19, 2020 · Add Comment

This is to announce the release of nDPI 3.4 that is a major step ahead with respect to 3.2: Detection speed has been greatly optimised Many new functions for statistical protocol analysis have been introduced. This is to expand nDPI … Continue reading →

How Great Hashing Can (More Than) Double Application Performance

Posted October 5, 2020 · Add Comment

Most ntop applications (ntopng, nProbe, Cento) and libraries (FT) are based on the concept of flow processing, that merely means keeping track of all network communications. In order to implement this, network packets are decoded and, based on a “key” … Continue reading →

How to Dump, Index, and Layer-7 Filter Network Traffic at High Speed

Posted September 17, 2020 · Add Comment

n2disk is an application that many of the ntop community uses to dump traffic up to 100 Gbit. What few people know is that n2disk can index data not just using packet header information (i.e. IP, port. VLAN, MAC…) but … Continue reading →

Monitoring Industrial IoT/Scada Traffic with nDPI and ntopng

Posted September 8, 2020 · Add Comment

Monitoring Industrial IoT and SCADA traffic can be challenging as most open source monitoring tools are designed for Internet protocols. As this is becoming a hot topic with companies automating production lines, we have decided to enhance ntop tools to … Continue reading →

How to Detect Domain Hiding (a.k.a. as Domain Fronting)

Posted August 19, 2020 · Add Comment

Domain fronting is a technique that was used in 2010s by mobile apps to attempt to bypass censorship. The technique relies on a “front” legitimate domain that basically acts as a pivot for the forbidden domain. In essence an attacker … Continue reading →

Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis (was Ripple20)

Posted July 1, 2020 · Add Comment

Earlier last month Ripple20 became popular as it has listed some vulnerabilities found in a custom IP stack used by many IoT devices. Despite the hype on Ripple20, in essence the tool used to fingerprint vulnerable devices sends either malformed … Continue reading →

Howto Identify and Block Telegram-based Botnets

Posted June 10, 2020 · Add Comment

Botnets are a popular way to run malware on a network using the command and control paradigm. Popular protocols used by botnets include IRC and HTTP. Most IDSs can detect bots as long as they can inspect the network traffic. … Continue reading →

Browse By Date
Browse By Date
Browse By Categories
- Announce (48)
- cento (6)
- Components (1)
- Cybersecurity (6)
- Features (2)
- Guides (11)
- libebpfflow (1)
- n2disk (20)
- n2n (7)
- nbox (7)
- nDPI (44)
- nEdge (6)
- News (12)
- nProbe (82)
- nScrub (3)
- ntop (92)
- ntopng (119)
- PF_RING (88)
- snort (3)
- TNAPI (11)
- tutorials (13)
- vPF_RING (3)
- ZC (30)