ntop

n2disk

Building a (Cheap) Continuous Packet Recorder using n2disk and PF_RING [Part 2]

Continuous packet recorders are devices that capture raw traffic to disk, providing a window into network history that allows you to go back in time when a network event occurs and analyse traffic down to the packet level to find the exact network activity that caused the problem. n2disk is a software application, part of the ntop suite, able to capture traffic at high speed (it relies on the PF_RING packet capture framework, which delivers line-rate packet capture up to 100 Gbit/s) and dump it to disk using the standard PCAP …
ntop

System-Introspected Network and Container Visibility: A Quick Start Guide

Recently, we have introduced the concept of network and container visibility through system introspection and also demonstrated its feasibility with an open-source library, libebpfflow. In other words, by leveraging certain functionalities of the Linux operating system, we are able to detect, count and measure the network activity taking place on a given host. We have published a paper and also presented the work at FOSDEM 2019, so a detailed discussion falls outside the scope of this post. However, we would like to recall that the information we …
ntop

Introducing nProbe Agent: Packetless, System-Introspected Network Visibility

A few months ago at FOSDEM we introduced the concept of network and container visibility through system introspection and released an open-source library based on eBPF that can be used for this purpose. Based on this technology, we created a lightweight probe, nProbe™ Agent (formerly known as nProbe mini), able to detect, count and measure all network activity taking place on the host where it is running. Thanks to this agent it is possible to enrich the information extracted by a traditional probe from network traffic packets with system data such as users …
ntop

Talking about Network, Service, and Container Monitoring at InfluxDays

Later this week the ntop team will attend InfluxDays, June 13-14, London, UK. We’ll be talking about traffic monitoring in containerised environments and give you an outlook on our roadmap. If you are attending this event (we’ll have a booth at InfluxDays), or if you live in London and want to meet us, please come by at the event and contact us so we can arrange an informal meeting and hear from you. We need feedback from our users so that together we can plan the future of ntop. Hope …
ntop

ntopConf 2019 Retrospective

On May 8-9th we organised our yearly event in Padova, Italy. The first day was dedicated to training and the second day to the conference. Overall about 150 people attended the event, and we’re glad of it. Our gratitude goes to the speakers, to Wintech who took care of logistics, and to all those who made this event a success. Below you can find the presentation slides used during the conference. Roberto Pezzile, Mirco Cailotto: Using ntop as a Layer 7 monitoring tool for full outsourcing services [IT]; Luca …
ntop

Monitoring Containerised Application Environments with eBPF

Earlier this week ntop and InfluxData held a joint webinar about monitoring containerised applications. We discussed solutions for monitoring both legacy (i.e. non-containerised) and containerised applications, and the technologies we can use for that. As most of you know, we have developed libebpfflow, an open-source library for generating IPFIX-like flows not from packets but from system events captured with eBPF. In addition to this, we are developing a new version of the nProbe product family that is also able to exploit Netlink to complement eBPF statistics with traffic counters. …
Announce

Cento 1.6 Stable Just Released

After more than one year since the last stable release, we are glad to announce cento 1.6-stable. This new release brings stability, fixes and several new features. Among the new features, it is worth mentioning that: Flows can be exported in a standardized JSON format to text files. By default, a dedicated user cento runs the process and owns its files. This makes running cento more secure than running it as root. In addition, any user in the system can be used to run cento. A capture direction can be indicated so …
Announce

nDPI 2.8-stable is Out

This new release brings several fixes that make nDPI more stable. Such fixes especially involve DNS and HTTP traffic dissection. Here is the full list of changes:

New Supported Protocols and Services
- Added Modbus over TCP dissector

Improvements
- Wireshark Lua plugin compatibility with Wireshark 3
- Improved MDNS dissection
- Improved HTTP response code handling
- Full dissection of HTTP responses

Fixes
- Fixed false positive mining detection
- Fixed invalid TCP DNS dissection
- Releasing buffers upon realloc failures
- ndpiReader: prevents references after free
- Endianness fixes
- Fixed IPv6 HTTP traffic dissection
- Fixed H.323 detection

Other …
ntop

Honouring System Default Policies on ntop Packages

Many distributions provide mechanisms to let the system administrator decide whether newly installed packages should be enabled and/or started automatically. Previously, the ntop services were always enabled and started automatically after the first package installation, regardless of any system preference. Now the ntop packages rely on system utilities to properly start, stop and restart services after installation, in order to correctly honour system policies. Due to distribution-specific defaults, this is now the default behaviour of the services installed by the ntop packages: Debian/Ubuntu, CentOS 7, Other: Started …
ntop

Introducing n2disk 3.2: towards 100 Gbit to disk

This is to announce a new n2disk release, 3.2. Besides addressing a few issues, this release includes new juicy features: multithreaded dump and support for multiple volumes. This is useful in a few cases: if you want to record traffic above 30-40 Gbit/s to HDDs or SSDs, you should pay attention to the RAID controller limit. In fact, even if you use many disks in a RAID 0 configuration, many controllers are not able to scale above 30-40 Gbit/s of sustained write throughput. Load-balancing traffic across multiple controllers could be …
ntop

Introducing PF_RING 7.4: PF_RING FT, Containers and Virtual Functions Support

This is to announce a new PF_RING major release, 7.4. This release includes many improvements to the PF_RING FT library, which is now more mature thanks to new API functionalities and features that provide more flexibility. This release also addresses many issues and moves a step forward in the same direction as release 7.2, which included full support for containers and namespaces, adding support for CoreOS containers and ZC Virtual Function drivers, technologies commonly available in cloud services. This is the complete changelog:

PF_RING Library
- New pfring_open PF_RING_DO_NOT_STRIP_FCS flag to disable …
ntop

Introducing nDPI 2.6: several new dissectors, DPDK and Hyperscan support

This is to announce the release of nDPI 2.6. Several dissectors have been improved and a few new ones have been added, and we have also improved the detection logic (used when we have to guess the protocol due to incomplete data). This is also the first release of nDPI that natively supports Intel DPDK, and it improves Intel Hyperscan support. Please find below the complete changelog. Enjoy!

Changelog

New Supported Protocols and Services
- New Bitcoin, Ethereum, ZCash, Monero dissectors, all identified as Mining
- New Signal.org dissector
- New Nest …