ntop

ntop

Introducing PF_RING ZC Support for Mellanox Adapters
PF_RING ZC is ntop’s high-speed zero-copy technology for high speed packet capture and processing. Until now ZC supported 10/40/100 Gbit adapters from Intel based on ASIC chips, in addition to the FPGA-based 100 Gbit adapters already supported by PF_RING including Accolade/Napatech/Silicom. This post is to announce a new ZC driver, known as mlx, supporting a new family of 100 Gbit ASIC-based adapters, this time from Mellanox/NVIDIA, including ConnectX-5 and ConnectX-6 adapters. The supported ConnectX adapters from Mellanox, in combination with the new mlx driver, demonstrated to be capable of high performance, by …
ntop

Introducing PF_RING 8.0: Batch Packet Processing and XDP Support
This is to announce a new PF_RING release 8.0. This new stable version includes enhancements for improving application performances, by adding support for batch processing also in the standard API (it was already available in the ZC API), and consolidates XDP support, which has been reworked to fully leverage on the latest Zero-Copy support and buffers management and take full advantage of the native batch capture. This release also adds support for the latest kernels to the ZC drivers for Intel adapters, including those shipped with CentOS (8.4) and Ubuntu LTS (20) …
Guides

ntopng, InfluxDB and Grafana: A Step-By-Step Guide to Create Dashboards
Creating Grafana dashboards out of ntopng data basically boils down to: Configuring ntopng to export timeseries data to InfluxDB Configuring the Grafana InfluxDB datasource to extract timeseries data from InfluxDB Adding Grafana Dashboards panels with ntopng data This post aims at covering the topics above to serve as reference for those who want to create Grafana dashboards. Configuring ntopng to Export Timeseries Data to InfluxDB To configure ntopng to export timeseries data to InfluxDB, visit the ntopng Timeseries preferences page, and pick InfluxDB as driver. Then, it suffices to configure …
nScrub

A Step-By-Step Guide for Protecting Your Network with nScrub
Distributed Denial of Service (DDoS) attacks represent a family cyber-attacks that are more and more common nowadays. They aim to make the service unavailable by overwhelming the victim with high traffic volumes (this is the case of volumetric or amplification attacks based on UDP, ICMP, DNS, …) or an high number of requests (including TCP connection attacks like the SYB flood, or Layer 7 attacks able to exhaust the resources of the service at the application level). This differentiate them from other cyber-attacks like intrusion attacks or malwares aiming to destroying, stealing …
ntop

Dec 10th, ntop miniconf 2020 part III: nProbe and n2disk (on embedded systems)
This is a reminder for the third and last part of our mini-conference 2020 scheduled for this Thursday, December 10th 4 PM CET/10 AM EST. This time we’ll focus on the latest nProbe and n2disk features and provide a short practical tutorial. In addition we’ll cover ntopng alert and endpoints. Finally we’ll discuss how to embed ntop toolsin small devices for ubiquitous monitoring Below you can find all details, including the webinar link and calendar entry. Luca Deri: nProbe Traffic Monitoring and Embedding Carlos Talbot: Embedding ntopng on Ubiquity UDM …
n2disk

Exploiting Arista MetaWatch with n2disk and ntopng: HighRes Timestamping and Analytics
Precise packet timestamping is a key feature for network traffic analysis and troubleshooting. Traditionally many people use FPGA-based NICs with precise timestamping (e.g. Napatech, Silicom) even though a good precision can be obtained with PTP-based NICs such as many Intel network adapters. A better alternative to this practice is to avoid ad all using specialised adapters and rely on existing network devices to timestamp packets. Arista packet brokers with MetaWatch  can be configured to add an extra trailer (Metamako) with metadata to every captured packet. In fact Arista 7150 Series …
ntop

Using ntopng as network sensor for SecurityOnion (and integrated with Suricata)
SecurityOnion (SO) is a popular Linux distribution for threat hunting and security. It included ElasticSearch as backend for storing alerts as well as Kibana-based web interface. SO includes out of the box a few sensors such as Suricata that is a signature-based IDS used for flow analysis. To date SO does not include a tool that is able to merge network and security analysis or that can collect input from sensors and provide a high-level consolidated alert (e.g. a DoS vs individual alerts generated by Suricata). As most of our …
ntop

Embedding ntop: Nokia Beacon and Ubiquity UniFi Dream Machine
The latest generation of network devices are pretty powerful and open. This means that such devices ship with a Linux-based distribution such as OpenWRT or UniFI OS. In these devices it is possible to install third party software as the CPU is pretty powerful, there is some storage and memory available for running additional applications. In this blog post we want to describe our experience with two of these devices where it is possible to install ntop tools. This allows the network traffic to be monitored without having to install …
ntop

Using ntop tools on VyOS
VyOS  is a popular open-source router and firewall platform based on Linux, and some of our users asked us to support it natively. This post explains you how to achieve that in a few simple steps. Prerequisites As VyOS is based on Debian Linux, the easiest solution is to install precompiled Debian packages or compile it from source. In order to do this you need to configure the Debian repositories that on VyOS are empty. You need (as root) to edit /etc/apt/sources.list and store on it something like this: deb …
n2disk

Introducing n2disk 3.6: full L7 support, fast flow export, replay rate control
This is to announce a new n2disk release 3.6. This release adds full support for indexing and retrieving traffic based on the Layer-7 application protocol. This can now be enabled even when flow export is disabled, and it is possible to use the extraction tool to extract selected application traffic using the Layer-7 protocol as part of the nBPF filter. n2disk is now also able to use the main storage as a cache, and in the meantime archive pcap files moving them from the fast to a slower storage, even …
ntop

Introducing PF_RING 7.8: ZC support for new Intel adapters and much more
This is to announce a new PF_RING major release 7.8. The main changes in this release include: The new ice ZC driver supporting E800 Series 100 Gigabit Intel adapters. Hardware timestamp support  for packet trailers and keyframes generated by Arista 7150 Series and Metawatch. This also includes device information such as the Device ID and the Port ID. BPF support for all ZC devices and queues, both to filter received or transmitted traffic. ZC API extensions to further simplify its use, which is one of the main advantages of this …
ntop

Using ElasticSearch to Store and Correlate Ntopng Alarms
With the introduction of ntopng endpoints and recipients, it is now possible to handle alerts in a flexible fashion by means of recipients. ntopng embeds a SQLite database for turn-key alert storage and reporting. However in large organizations with many alerts scalability of this solution is limited due to the limited number of records (16k) that can be handled. In the latest ntopng 4.1.x versions it is now possible to export alerts in an external ElasticSearch database (not available in the community edition). This post shows you how to use …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe