Exploiting Arista MetaWatch with n2disk and ntopng: HighRes Timestamping and Analytics

Posted · Add Comment

Precise packet timestamping is a key feature for network traffic analysis and troubleshooting. Traditionally many people use FPGA-based NICs with precise timestamping (e.g. Napatech, Silicom) even though a good precision can be obtained with PTP-based NICs such as many Intel network adapters. A better alternative to this practice is to avoid ad all using specialised […]

Embedding ntop: Nokia Beacon and Ubiquity UniFi Dream Machine

Posted · Add Comment

The latest generation of network devices are pretty powerful and open. This means that such devices ship with a Linux-based distribution such as OpenWRT or UniFI OS. In these devices it is possible to install third party software as the CPU is pretty powerful, there is some storage and memory available for running additional applications. […]

Using ntop tools on VyOS

Posted · Add Comment

VyOS  is a popular open-source router and firewall platform based on Linux, and some of our users asked us to support it natively. This post explains you how to achieve that in a few simple steps. Prerequisites As VyOS is based on Debian Linux, the easiest solution is to install precompiled Debian packages or compile […]

Using ElasticSearch to Store and Correlate Ntopng Alarms

Posted · Add Comment

With the introduction of ntopng endpoints and recipients, it is now possible to handle alerts in a flexible fashion by means of recipients. ntopng embeds a SQLite database for turn-key alert storage and reporting. However in large organizations with many alerts scalability of this solution is limited due to the limited number of records (16k) […]

How Great Hashing Can (More Than) Double Application Performance

Posted · Add Comment

Most ntop applications (ntopng, nProbe, Cento) and libraries (FT) are based on the concept of flow processing, that merely means keeping track of all network communications. In order to implement this, network packets are decoded and, based on a “key” (usually a 5-tuple consisting of protocol and src/dst IP and port), clustered into flows (other […]