ntop

ntop

Implementing PF_RING-based Hardware Flow Offload in Suricata

Last month we integrated hardware flow offload in PF_RING 7.0. This week Alfredo presented the integration of hardware flow offload with Suricata at Suricon 2017 and demonstrated that with this technology you can significantly reduce packet drops and CPU load. Below you can see how NetFlow traffic analysis and Suricata can both benefit from this work:

Hardware Flow Offload with NetFlow
Hardware Flow Offload with Suricata

Should you be interested in reading the full story, these are the presentation slides. We remind you that the PF_RING source code …
ntop

ntop User’s Group Meeting at Sharkfest EU 2017

Those who were not able to attend our ntop meeting at Sharkfest Europe 2017 can find our presentation slides below:

Sharkfest EU 2017 – Intro
Sharkfest EU 2017 – hardware-flow-offload
Sharkfest EU 2017 – beautiful monitoring with ntopng and grafana
Sharkfest EU 2017 – microprobes
Sharkfest EU 2017 – extcap, remote wireshark and demo
Sharkfest EU 2017 – EdgeTrafficMonitoring
Sharkfest EU 2017 – what’s new, new products and roadmap

We need your feedback and we would be glad if our community could give us guidance on the next steps. …
ntop

You’re Invited to the ntop and Wireshark Users Group Meeting

On November 7th we will be organising the ntop meetup during Sharkfest EU 2017, which will take place in Portugal. You can find all the details here. This year we will be focusing on cybersecurity, IoT and user traffic monitoring, as well as on Wireshark. In fact, during our talk at Sharkfest we won’t have enough time to explain in detail all our activities for turning (or complementing) Wireshark into an effective monitoring tool and not just a packet dissector. We welcome all users of our community (attendance of Sharkfest EU is …
ntop

20 Years of ntop and Beyond

This month marks 20 years since I started the ntop project. Initially it was a hobby project, born from wanting to understand what was really flowing on a network after having spent 5 years playing with OSI, which was clearly a dead end (whoever used FTAM to download a file and compared it with FTP/NFS or drag-and-drop on a Mac desktop understands what I mean), even for me, who had just graduated from university. My initial idea behind ntop was to create a simple tool able to enable network visibility without having …
ntop

Network Monitoring Deep Dive: Interview with Scott Schweitzer

In early August, Scott Schweitzer interviewed me about network monitoring and packet capture. The conversation was very broad, and I covered various topics ranging from packet capture, network traffic analysis and deep packet inspection to IoT (Internet of Things) and cybersecurity. You can hear my view on this market, what we’re doing at ntopng to tackle new challenges, as well as what we envisage the (hardware) networking industry should provide developers in terms of new products. This is because after almost 20 years in this industry, looking back at …
ntop

How to Monitor and Troubleshoot an Unfamiliar Network

At ntop we use Wireshark to dissect traffic and to learn how to make our tools better. We’re not typical packet-oriented users, however, as we want to see traffic as a whole and not packet-by-packet. This has been the motivation for contributing to Wireshark to extend it towards a more monitoring-oriented tool. Above you can see the video (and slides) of our presentation at the Sharkfest US 2017 conference. …
nDPI

Say hello to nDPI 2.0 (with wireshark integration)

nDPI 2.0 is a major release that:

Consolidates the API, in particular for guessing new protocols or for notifying nDPI that for a given flow there are no more packets to dissect.

Introduces nDPI support into Wireshark by means of a Lua script and an extcap plugin. Available via an extcap interface, the plugin sends Wireshark the nDPI-detected protocols by adding an Ethernet packet trailer that is then interpreted and displayed inside the Wireshark GUI using the companion Lua script.

If you’re planning to attend Sharkfest US 2017, we will present …
ntop

Monitoring IoT and Fog Computing: Challenges and Solutions

Since last year we have been designing a solution for monitoring IoT and Fog computing devices. This is becoming a hot topic, since these devices are more and more often used to mount large Internet attacks and also because our privacy can be affected by this new computing trend. While we do not have a complete solution ready, we have some preliminary results and lessons learnt that are worth sharing with our community. This is a presentation we created on this subject and that has been shown at the Wurth-Phoenix Roadshow (BTW …
ntop

Introducing nScrub: Powerful yet Affordable DDoS Mitigation

ntop has always tried to make the Internet a better place by developing many open-source network monitoring tools, and by releasing all the software at no cost to non-profit and education. A few years ago, Qurium/VirtualRoad, a Swedish foundation offering secure hosting to independent online news outlets and human rights organisations, contacted us. The reason was that after years of mitigating attacks using proprietary appliances and servers running customised Linux kernel code based on netfilter, they had reached the conclusion that those solutions were not affordable, flexible, or fast enough. Their experience with …
ntop

What Is a Microburst and How to Detect It?

It’s not uncommon to see network administrators struggling to track down packet drops on network equipment at the interface level while average link utilisation is low. In the end it often turns out to be due to a phenomenon (well) known as a microburst. While forwarding data between network links, network equipment absorbs spikes with buffers; when the buffers fill much more quickly than they empty because of a line-rate burst, they overflow and packet loss occurs (yes, you drop packets even though your link is on average little used). Now it’s clear that having …
ntop

Lessons learnt at #SharkFest15

Last week we gave a couple of presentations at SharkFest 2015, introducing to the Wireshark community what ntopng is about. The most interesting part was the feedback from those who attended the talks and commented on “how to integrate ntopng with Wireshark”. My personal conclusion is that the best way of doing this is to turn ntopng into a pre-processor for Wireshark; namely, use ntopng to permanently monitor a network, detect anomalies, and then analyse them with Wireshark. In fact a packet sniffer cannot be used as a permanent …
ntop

Do you want to work for ntop?

As ntop software is increasing in popularity, we need help supporting our users and working on new developments. Therefore we are looking for someone to join our development team, help us, and assist the user community.

Job Description

We are looking for a candidate located in Italy or in a similar time zone (CET) willing to work remotely or (better) at our main location in Pisa. We offer semi-flexible working hours, with a set block of time to be allocated every day Mon-Fri during standard working hours (9 AM …