ntop products have been using geolocation databases provided by MaxMind for a long time, to augment network IP addresses with geographical coordinates (cities, countries) and information on the Autonomous Systems. ntop have been freely packaging and redistributing such databases in … Continue reading
New Directions in Network Traffic Security: Homework for 2020
Summary With today’s traffic, most network IDSs (NIDS) have severe limitations in terms of visibility and ability to be easily circumvented by malware (for instance running a known service on a non-default port or the other way round), and thus … Continue reading
Finding a Needle in a Haystack (was Traffic Disaggregation with Sub Interfaces in ntopng)
Network traffic moving across a link often contains various types of traffic, for example in large companies it can include a mix of traffic coming from: Employees network Core company servers Guests network Other Analysing the traffic as a whole … Continue reading
Do You Know What Hackers Hide in SSL/TLS?
ntop believes that the future of traffic monitoring and network security will be played by the ability to inspect the behaviour of encrypted communications. It is fortunate that Sam Bocetta, a technical writer focused on network security and open source … Continue reading
Building a (Cheap) Continuous Packet Recorder using n2disk and PF_RING [Part 2]
Continuous packet recorders are devices that capture raw traffic to disk, providing a window into network history, that allows you to go back in time when a network event occurs, and analyse traffic up to the packet level to find … Continue reading
System-Introspected Network and Container Visibility: A Quick Start Guide
Recently, we have introduced the concept of network and container visibility through system introspection and also demonstrated its feasibility with an opensource library libebpfflow. In other words, by leveraging certain functionalities of the linux operating system, we are able to … Continue reading
Introducing nProbe Agent: Packetless, System-Introspected Network Visibility
A few months ago at FOSDEM we introduced the concept of network and container visibility through system introspection and we released an opensource library based on eBPF that can be used for this scope. Based on this technology, we created a lightweight … Continue reading
Talking about Network, Service, and Container Monitoring at InfluxDays
Later this week the ntop team will attend InfluxDays, June 13-14, London, UK. We’ll be talking about traffic monitoring in containerised environments, and give you an outlook of our roadmap. If you are attending this event (we’ll have a … Continue reading
ntopConf 2019 Retrospective
On May 8-9th we have organised our yearly event, in Padova, Italy. The first day was dedicated to training and the second day to the conference. Overall about 150 people attended the event, and we’re glad of it. Our gratitude … Continue reading
Monitoring Containerised Application Environments with eBPF
Earlier this week ntop and InfluxData held a joint webinar about monitoring containerised applications. We have discussed solution for monitoring both legacy (e.g. non-containerised) and containerised applications, what are the technologies we can use. As most of you know, we have developed … Continue reading