
Trickbot Malware Analysis Using nDPI and ntopng

Posted May 10, 2020

Trickbot is a malware distributed via malspam, spam emails containing links for downloading malicious files that infect computers. A pcap file of a Trickbot infection named 2019-09-25-Trickbot-gtag-ono19-infection-traffic.pcap can be downloaded at this URL. You can analyse the file using nDPI …

Towards Traffic Behaviour Analysis: Introducing nDPI 3.2

Posted February 20, 2020

This is to announce the new stable release of nDPI 3.2. The main trend of nDPI is to move from “simple” application protocol detection towards behavioral traffic interpretation. This has been implemented with the integration of modules for detecting attacks …

Effective TLS Fingerprinting Beyond JA3

Posted February 8, 2020

JA3 is a popular method to fingerprint TLS connections used by many monitoring tools and IDSs. JA3 focuses on encryption options specified during TLS connection setup to fingerprint the encryption library used by the application. So …

Encrypted Traffic Analysis: A Primer

Posted January 28, 2020

Monitoring encrypted traffic is a must for providing visibility in modern traffic. For this reason we’ve put a lot of energy into extending nDPI so that it could be useful in this context. DPI (deep packet inspection) however is not enough …

Rethinking Network Flow Visualisation

Posted December 15, 2019

Traffic monitoring applications often aggregate traffic in flows, which in essence is a way to divide traffic according to a 5-tuple key (Protocol, IP/port source/destination). Flows are then aggregated for instance according to IP address or protocol, and often represented …

How to use nDPI from CLI to analyse network traffic

Posted November 23, 2019

Most people use nDPI indirectly, as it is part of ntopng and many other non-ntop developed tools. However, not many people know that nDPI can also be used from the command line to analyse network traffic. This is useful to create …

Introducing nDPI v3: Encrypted/Malware Traffic Analysis with Ease

Posted October 4, 2019

Those who thought that DPI died with the advent of traffic encryption should play with nDPI v3 that we’re introducing today. As already discussed, the pervasive use of encrypted traffic requires a new mindset when analysing network traffic. We decided …

How Encryption Changed Network Traffic (Monitoring). Finally.

Posted September 27, 2019

For years traffic monitoring tools assumed traffic was in clear text. This is because when the Internet was created all the main protocols such as DNS, HTTP, SMTP, Telnet, POP were in clear. With this practice it was easy to report …

New Challenges in DPI Protocol Detection

Posted August 15, 2019

In the early Internet days, each network protocol was designed for a specific purpose: SMTP for sending emails, HTTP for the web and so on. In order to make sure that implementations were compliant with the specification, there was an …

TLS/SSL Analysis: When Encryption and Safety Are Not Alike

Posted May 31, 2019

Most people think that SSL means safety. While this is not a false statement, you should not take it for granted. In fact, while your web browser warns you when a certain encrypted communication has issues (for instance the SSL …

© 1998-2022 ntop
ntop, ntopng, nDPI, PF_RING, nProbe, and n2disk are registered trademarks.