ntop

n2disk

Introducing n2disk 3.8: NVIDIA Support, Smart Recording, Traffic Deduplication

We’re excited to announce a new stable release of n2disk, v. 3.8. This release brings significant new capabilities to the network monitoring and recording landscape, and it is packed with features that enhance both functionality and performance. Here’s a closer look at the highlights of this release: New Smart Recording support to intelligently manage and optimize storage usage. Multithreaded Packet Capture to take advantage of RSS (Receive Side Scaling) capabilities on NVIDIA/Mellanox ConnectX adapters. In fact on those adapters it is not possible to scale the performance by spawning …
ntop

HowTo Monitor Router Interfaces Congestion Using SNMP

Sometimes it happens that your router is congested, and you ask yourself “How is it possible?” or “Who is responsible for congesting the network?” or “Which router/port is congested?”. You could simply answer the last question by using the SNMP/Flow Exporters Usage: HowTo Monitor SNMP Interfaces Utilisation and Congestion Rate; but what about the other two? Let’s start by looking at SNMP. As explained in the previous post, if SNMP is enabled on the routers/switches, using ntopng it is possible to figure out if an interface is congested. On the …
ntop

How nDPI Introduced Behaviour Analysis in Suricata

Last week we attended Suricon 2024, the annual conference about Suricata, and presented our work on how nDPI has been integrated with Suricata. At ntop we like to contribute to other open source projects we use and like, such as Suricata and Wireshark. One of the main limitations of Suricata is its inability to monitor many protocols (currently the engine supports ~20 protocols compared to 450+ protocols supported by nDPI) and the lack of behaviour analysis that would very well complement Suricata signature-based analysis. These have been the reasons …
Cybersecurity

A Deep Dive Into Traffic Fingerprints

Last week during SharkFest Europe 2024 we presented what network fingerprints are and how they work. During the talk we (Luca and Ivan) described how we have extended nDPI with support for network fingerprints, and how this work has also been integrated in Wireshark. We believe that fingerprints are an interesting technology that can help in better understanding the nature of traffic flows, in detecting inconsistencies in crafted traffic (e.g. a Windows box that impersonates an iOS device), and of course in cybersecurity. In the coming months …
Announce

Introducing Centralized License Manager for Dynamic Environments

We continually strive to make the software configuration and management more flexible and easier for the users. To this end, we are excited to announce the launch of a new way of licensing the software feature: the centralised License Manager (LM). This tool simplifies software license management by dynamically allocating licenses to various application instances running within your network. The LM is another option you can use in addition to “traditional” systemId-based licenses that we use today. What is the centralised License Manager? Managing software licenses across multiple instances within …
ntop

Introducing Multilanguage AI/LLM Support (beta)

In order to assist our community with 24/7 support, we have built an AI/LLM-based bot that has been trained on the ntop documentation (all products including ntopng, nProbe, nDPI…) and blog posts on this website. Currently this service is available in beta version and it is accessible using Discord on our ntop server (read here how to access it). You can use it by asking questions in plain English/German/Italian/French/Dutch/Spanish…, so we hope that the language barrier will finally be solved. Please send us your comments and in case there is …
ntop

Using ntopng to Improve Corporate Security

Today we report how ntopng has been used by Alabus AG to improve corporate security (German version further down this page). Enjoy! PS. ntop users are very welcome to contact us to report how they use ntop tools. ntop is used as a basis for analyzing the entire network traffic and it generates a very large number of daily alerts, which are caused by known and unknown anomalies and then it historizes all network flow data for possible later forensics. As an SME, we do not have the necessary resources …
ntop

Call for Presentations for ntopConference 2025 is Now Open

Next year the ntop community will meet in Zürich, Switzerland for a two-day event (training and conference) on May 7th and 8th. As already happened in the past, we want to meet our users and discuss with them what we have done and what future directions to take. This event will not happen without our community, hence we are looking for speakers willing to present interesting use cases, solutions, challenges, report experiences or anything that is relevant for our community. We have selected Zürich as location in …
ntop

Announcing ntop Professional Training: October 2024

ntop tools range from packet capture to traffic analysis and processing, and sometimes it is not easy to keep up with product updates as well as master all the tools. This has been the driving force for organising ntop professional training. This is to announce that in October we have scheduled the next ntop Professional Training session. It will take place online (Microsoft Teams) on 15th, 17th, 22nd, 24th, 29th, 31st of October, 2024 at 3.00 PM CET (9.00 AM EDT). Training will be held in English and each session lasts …
nDPI

Positioning ntopng vs nProbe for Traffic Analysis

Recently we compared the use of nDPI in a realtime application (ntopng) and a near-realtime one (nProbe). We captured a short pcap with some mixed traffic and analysed it with both applications. The expectation was to find comparable results between the two applications, but this happened only partially. This blog post explains the main differences between the two tools and why there are some discrepancies in results. In our tests, we have configured both nProbe and ntopng to analyze the same pcap and write results on two different ClickHouse …
ntop

ntop and Endian Enter Partnership for Open Source OT Monitoring

ntop develops monitoring tools for IT and OT networks, whereas Endian is a leading Italian company that develops a Secure Digital Platform for OT networks. Both companies use and develop open source tools that can be a key value in OT networks where most tools are proprietary. This partnership allows both companies to complement each other and offer better tools for their user community. The complete announcement can be found at this page. Enjoy! …