This is to announce a new PF_RING release 8.0. This new stable version includes enhancements for improving application performances, by adding support for batch processing also in the standard API (it was already available in the ZC API), and consolidates XDP support, which has been reworked to fully leverage on the latest Zero-Copy support and […]
ntopng, InfluxDB and Grafana: A Step-By-Step Guide to Create Dashboards
Creating Grafana dashboards out of ntopng data basically boils down to: Configuring ntopng to export timeseries data to InfluxDB Configuring the Grafana InfluxDB datasource to extract timeseries data from InfluxDB Adding Grafana Dashboards panels with ntopng data This post aims at covering the topics above to serve as reference for those who want to create […]
A Step-By-Step Guide for Protecting Your Network with nScrub
Distributed Denial of Service (DDoS) attacks represent a family cyber-attacks that are more and more common nowadays. They aim to make the service unavailable by overwhelming the victim with high traffic volumes (this is the case of volumetric or amplification attacks based on UDP, ICMP, DNS, …) or an high number of requests (including TCP connection […]
Dec 10th, ntop miniconf 2020 part III: nProbe and n2disk (on embedded systems)
This is a reminder for the third and last part of our mini-conference 2020 scheduled for this Thursday, December 10th 4 PM CET/10 AM EST. This time we’ll focus on the latest nProbe and n2disk features and provide a short practical tutorial. In addition we’ll cover ntopng alert and endpoints. Finally we’ll discuss how to […]
Exploiting Arista MetaWatch with n2disk and ntopng: HighRes Timestamping and Analytics
Precise packet timestamping is a key feature for network traffic analysis and troubleshooting. Traditionally many people use FPGA-based NICs with precise timestamping (e.g. Napatech, Silicom) even though a good precision can be obtained with PTP-based NICs such as many Intel network adapters. A better alternative to this practice is to avoid ad all using specialised […]
Using ntopng as network sensor for SecurityOnion (and integrated with Suricata)
SecurityOnion (SO) is a popular Linux distribution for threat hunting and security. It included ElasticSearch as backend for storing alerts as well as Kibana-based web interface. SO includes out of the box a few sensors such as Suricata that is a signature-based IDS used for flow analysis. To date SO does not include a tool […]
Embedding ntop: Nokia Beacon and Ubiquity UniFi Dream Machine
The latest generation of network devices are pretty powerful and open. This means that such devices ship with a Linux-based distribution such as OpenWRT or UniFI OS. In these devices it is possible to install third party software as the CPU is pretty powerful, there is some storage and memory available for running additional applications. […]
Using ntop tools on VyOS
VyOS is a popular open-source router and firewall platform based on Linux, and some of our users asked us to support it natively. This post explains you how to achieve that in a few simple steps. Prerequisites As VyOS is based on Debian Linux, the easiest solution is to install precompiled Debian packages or compile […]
Introducing n2disk 3.6: full L7 support, fast flow export, replay rate control
This is to announce a new n2disk release 3.6. This release adds full support for indexing and retrieving traffic based on the Layer-7 application protocol. This can now be enabled even when flow export is disabled, and it is possible to use the extraction tool to extract selected application traffic using the Layer-7 protocol as […]
Introducing PF_RING 7.8: ZC support for new Intel adapters and much more
This is to announce a new PF_RING major release 7.8. The main changes in this release include: The new ice ZC driver supporting E800 Series 100 Gigabit Intel adapters. Hardware timestamp support for packet trailers and keyframes generated by Arista 7150 Series and Metawatch. This also includes device information such as the Device ID and […]