
How Great Hashing Can (More Than) Double Application Performance

Posted October 5, 2020

Most ntop applications (ntopng, nProbe, Cento) and libraries (FT) are based on the concept of flow processing, which simply means keeping track of all network communications. In order to implement this, network packets are decoded and, based on a “key” …

How to Dump, Index, and Layer-7 Filter Network Traffic at High Speed

Posted September 17, 2020

n2disk is an application that many in the ntop community use to dump traffic up to 100 Gbit. What few people know is that n2disk can index data not just using packet header information (i.e. IP, port, VLAN, MAC…) but …

Monitoring Industrial IoT/Scada Traffic with nDPI and ntopng

Posted September 8, 2020

Monitoring Industrial IoT and SCADA traffic can be challenging as most open source monitoring tools are designed for Internet protocols. As this is becoming a hot topic with companies automating production lines, we have decided to enhance ntop tools to …

How to Detect Domain Hiding (a.k.a. as Domain Fronting)

Posted August 19, 2020

Domain fronting is a technique that was used in the 2010s by mobile apps to attempt to bypass censorship. The technique relies on a legitimate “front” domain that basically acts as a pivot for the forbidden domain. In essence an attacker …

Introducing nDPI Risk Analysis for (Cybersecurity) Network Traffic Analysis (was Ripple20)

Posted July 1, 2020

Earlier last month Ripple20 became popular as it listed some vulnerabilities found in a custom IP stack used by many IoT devices. Despite the hype on Ripple20, in essence the tool used to fingerprint vulnerable devices sends either malformed …

Howto Identify and Block Telegram-based Botnets

Posted June 10, 2020

Botnets are a popular way to run malware on a network using the command and control paradigm. Popular protocols used by botnets include IRC and HTTP. Most IDSs can detect bots as long as they can inspect the network traffic. …

Why Traffic Behaviour Analysis is Good (was Encrypting TLS 1.3 Traffic)

Posted May 28, 2020

In the latest nDPI meetup, we discussed future directions, including extending the current encrypted traffic analysis features. Currently nDPI supports both fingerprint and behaviour encrypted traffic analysis techniques to provide TLS traffic visibility. At ntop we have never liked …

How Lockdown Changed Corporate Internet Connectivity

Posted May 21, 2020

Global lockdown has forced many people to work remotely: empty offices, all remote working until the emergency is over. In essence during the lockdown remote workers used very few corporate services via VPN, with relatively light traffic (e.g. …

You’re invited to the future of nDPI: Python, Cybersecurity and Behaviour. May 15th, 4PM CET

Posted May 14, 2020

Hi all, this is to invite you to an open discussion about nDPI and its future, in particular Python bindings, cybersecurity extensions and behaviour analysis. We will meet at 4PM CET (10AM EST) live on the Internet. For those who have …

Trickbot Malware Analysis Using nDPI and ntopng

Posted May 10, 2020

Trickbot is malware distributed via malspam: spam emails containing links for downloading malicious files that infect computers. A pcap file of a trickbot infection named 2019-09-25-Trickbot-gtag-ono19-infection-traffic.pcap can be downloaded at this URL. You can analyse the file using nDPI …