ntop

ntop

Short 1-2Q24 Roadmap: ntop Cloud, Towards 200 Gbit, Cybersecurity, Low-end nBox
Happy new year everyone! Thos who followed our November webinar know already that we’re working at new features and improvements in our tools. Below you can find a short list of features we plan to implement by the end of spring: ntop cloud. This is the major activity where we’re involved. As already said, for the time being we do not plan to create a SaaS solution (yet) but to create a communication mechanism that allow users to interact with their instances regardless of how they have been deployed. In …
ntop

HowTo Monitor Network Interface Usage with NetFlow/IPFIX
SNMP is the de-facto protocol for monitoring network devices. Using it, it is possible to monitor “how much” a link is used. What is missing is “how” a link is used. Namely if my Internet link is full, what is the device, protocol, application that is using it? ntopng was created to answer this question and see in realtime what happens on a network interface. In this blog post we will show you how to combine network interface usage monitoring with traffic analysis. Flow-based protocols such as sFlow and NetFlow/IPFIX …
ntop

Securing ClickHouse and MySQL Flow Storage
ntopng stores flows data in various databases including MySQL, Elastic and ClickHouse that is the database storage that we have selected as it outpaces the others in terms of speed and reduced disk space. ClickHouse is a columnar database and while it is very fast during data access, it is optimised for batch data insertion. This means that ntopng imports flow data as follows: High cardinality data such as flows are saved in a temporary file and imported every minute using clickhouse-client. The default TCP communication port is 9000. Low-cardinality …
cento

HowTo Build a 100 Gbit NetFlow Sensor Using nProbe Cento
When it comes to monitor a distributed network, to get a picture of the Network traffic flowing through the uplinks or on critical Network segments, NetFlow like technologies are usually the answer. nProbe Pro/Enterprise and nProbe Cento are software probes that can be used to build versatile sensors able to export flow information in many different formats, including NetFlow v5/v9/IPFIX, Kafka, Elasticsearch, ClickHouse, MySQL, CSV files, etc. All this at very high speed. nProbe Pro/Enterprise has been designed for low/mid rate (1/10 Gbps) while nProbe Cento has been designed to …
ntop

ntopConf 2023 Videos and Slides are Now Available
The ntop conference and training 2023 was a success: more than 100 people attended it, some of them flying to Italy from other continents. This has been a special event as we have celebrated 25 years since the first release of the original ntop application, and 10 years of ntopng. This was our first international event (previous conferences were in Italian) and we are happy of the outcome. For us a conference is a way to update our community about the progresses we have made, how the community uses our …
ntop

How to Monitor What Matters
Yesterday we have been invited to the NetEye Users Group Meeting to give a speech about monitoring and cybersecurity. During the talk we covered out 25 years journey in this industry and the decisions we have made during that time: Network vendors provide (after 25 years) poor monitoring data: flaws, proprietary formats, sampling, device limitations didn’t change the landscape even though the NetFlow RFC 3954 is 20 years old, and IPFIX is basically just a cosmetic change. nDPI is 10 years old and it allowed us to provide contextual information …
ntop

Announcing ntop Professional Training: November 2023
ntop tools range from packet capture, traffic analysis and processing, and sometimes it is not easy to keep up on product updates as well master all the tools. This has been the driving force for organising ntop professional training: . This is to announce that in May we have scheduled the next ntop Professional Training session. It will take place online (Microsoft Teams) on 7th, 9th, 14th, 16th, 21st, 23rd of November, 2023 at 3.00 PM CET (9.00 AM EDT). Training will be held in English language and each session …
ntop

Introducing PF_RING 8.6: Runtime Filtering and On Demand IDS at 100 Gbit
This is to announce a new PF_RING release 8.6 ! This stable release introduces a new Runtime component in PF_RING, which adds support for runtime filtering. This allows an external application to push filtering rules (through a Redis queue) while the socket is running, and offload them to the adapter when supported (e.g. on NVIDIA/Mellanox Connect-X adapters). This enables Zeek and Suricata “on-demand” at 100 Gbit as discussed in a previous post. This release also adds support for Debian 12 and latest 6.x kernel shipped with Ubuntu 22 LTS. Many other improvements …
ntop

Sorting Out and Clustering Alerts in ntopng
In a previous post, What’s In The (Alert) Inbox?, we’ve discussed how alerts are organised in the Alerts Explorer. The new “inbox” design allows us to cluster alerts into separate folders high-priority events, that require attention and needs to be addresses as soon as possible, from other minor events. This solves one issue: having all critical alerts under control, while still tracking and archiving all minor Network issues (that contribute to the hosts score, and may be still of interest when drilling down during our analysis). In a system which …
ntop

What’s In The (Alert) Inbox?
ntopng emits alerts in order to report relevant. They can be triggered by traffic thresholds, user scripts, behavioural checks, or due to Security issues, including those detected by IDS systems integrated with ntopng (the full list of built-in checks, and related alerts, that can be enabled in ntopng is available in the Alerts section of the documentation). Sometimes they are really critical and should be handled immediately to fix the problem, this is the case of Security events for instance (e.g. a compromised host that must be sanitized as soon as …
Announce

ntopConf 2023 (25 years of ntop) Registration is Now Open
This is to announce that the registration for the ntop Conference 2023, 25 years since the first release of ntop, is now open. Similar to past conferences, this event is divided into two days: the first day will be allocated for training on ntop products, the second day for the main conference and workshop. You can read the conference and training agenda at the ntopConf 2023 page from which you can also reserve your seat. Finally a few notes. In order to make this event effective we have decided that: …
nEdge

Deploying nEdge with Multiple (Virtual) LANs (and WANs)
Exactly 3 years elapsed from the introduction of nEdge (ntopng Edge), and despite the fact we haven’t posted much about it in our blog, this tool continued to grow, many features have been added over time, and we see that every time new users have the chance to try it, they are amazed about the capabilities it provides. If it’s the first time you hear about nEdge, we suggest to read the introductory post which explains how nEdge enables Network administrators to enforce policies at Layer-7 on network users, the nEdge product page which is providing …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe