ntop

nProbe

SFProbe: Embedding nProbe on an SFP

In 2004 my friend Alex Tudor of Agilent involved ntop in a very challenging project. The idea was to monitor the network from the exact place where packets originate. Popular network taps and span ports are not the right tools, as they are added to an existing network (i.e. the network does not need them, but probes do). The same applies to active monitoring: traffic should be generated from the right place. So if you want to see the router-to-router latency you should let the router …
ntop

Packet Monitoring using ntop and Cisco ON100

From time to time, Cisco builds ntop-friendly products. This time it is the Cisco ON100 network agent. This tiny device, which can fit in your hand, has been integrated with ntop for the purpose of traffic monitoring, as you can read in the technical note "Enabling ntop Packet Monitoring with Cisco OnPlus Service". ntop is an optional application watching the second LAN port (Monitor port). The Cisco cloud service provides a web tunnel back to the ON100 to ntop's web service. No data is interpreted, as ntop does that. This way end users can …
nProbe

Unveiling Application Visibility in ntop and nProbe (both in NetFlow v9 and IPFIX)

For years, applications have used static ports, so that port 80 means HTTP and port 25 means SMTP. Unfortunately this 1:1 mapping was relaxed years ago with dynamic ports, so that a given service could use a range of ports (e.g. for circumventing security policies) or even a fully dynamic port (e.g. see portmap). The opposite is also true, namely HTTP can run on ports other than 80, so that you can see it for instance on port 3000, which is the default HTTP port in ntop. HTTP is also …
ntop

Released ntop 4.1

Over the weekend we released ntop 4.1. We decided to create a smaller version with respect to the previous 4.0.3 in order to remove some legacy code that caused trouble in the past. This release lacks some of the 4.0.3 features, but it benefits in terms of stability and efficiency. The next release will re-incorporate some of the features we cut from 4.1, as we're currently redesigning them. The idea is to make ntop faster and more modern than past versions. In 4.1 for instance we have removed …
ntop

Ok, but how much time do I have?

Accelerating packet capture and processing is a constant race. New hardware innovations, modern computing architectures, and improvements in packet capture (e.g. PF_RING) allow applications to reduce the time (both CPU and real) they need for processing packets. But the main question still holds: how much time do I have for processing packets? This is the main point. A common misconception in this field is that hardware-accelerated cards will do the magic and solve all problems. This is wrong. Technologies such as PF_RING, DNA, and those cards reduce the …
ntop

ntop in 2011

Most of you know only small pieces of the ntop project. I have decided to prepare a few slides that you can use as a tutorial showing how the various project components can be used to efficiently monitor networks, and what you can expect in 2011 from this project (see for instance vPF_RING and n2disk). Happy new year. …
ntop

Monitoring Traffic Using ntop: Cisco Traffic Analyzer

Most network administrators use ntop for monitoring Ethernet traffic. ntop can do much more than this and can also monitor Fibre Channel and SCSI traffic. Cisco Traffic Analyzer is a software product based on ntop whose goal is to give Cisco MDS 9000 users a view of the network traffic. Did you know that ntop can also do this? …
ntop

A safe network for a relaxed life

My friends at Würth-Phoenix (I have to thank them for spreading the word about it) have prepared this presentation. It has not been conceived for professionals, but rather for those wishing to get an idea of what ntop is about. …
nProbe

Using ntop as a flow collector for nProbe

nProbe is an efficient NetFlow/IPFIX probe that can also act as a collector, dumping flows on disk or onto a database (MySQL, SQLite and Fastbit). As ntop has not been designed to operate on large/fast networks, it's possible to use nProbe as a pre-processor. In this configuration, nProbe captures packets from a network interface (or collects flows on a socket), computes flows based on packets, and sends them to ntop. Thus ntop acts as a flow collector. Supposing to: receive packets to account/analyze on interface eth1 of host X start ntop …
ntop

Twelve years of ntop

The Internet is pretty volatile. As new information becomes available, the old disappears. Sometimes we have to look back and see what has happened in the past years. Should you be interested in seeing how ntop changed in the past twelve years, you can have a look at this URL, which has several snapshots of the ntop web site. …
ntop

ntop on Ubuntu

The Ubuntu community has published a post that explains how to compile/use ntop on Ubuntu. This is the URL of the post. …
ntop

Creating 3D Maps using ntop

For some time ntop has supported geolocation. Now, courtesy of Ronald W. Henderson, it can also display Mercator maps and natively integrate with tools such as Google Earth. These ntop extensions are part of NST (Network Security Toolkit). For more information please visit the NST Wiki page. …