Using ElasticSearch to Store and Correlate Ntopng Alarms

With the introduction of ntopng endpoints and recipients, it is now possible to handle alerts in a flexible fashion by means of recipients. ntopng embeds a SQLite database for turn-key alert storage and reporting. However, in large organizations that generate many alerts, the scalability of this solution is limited by the cap on the number of stored records (16k) […]

How Great Hashing Can (More Than) Double Application Performance

Most ntop applications (ntopng, nProbe, Cento) and libraries (FT) are based on the concept of flow processing, which simply means keeping track of all network communications. In order to implement this, network packets are decoded and, based on a “key” (usually a 5-tuple consisting of protocol and src/dst IP and port), clustered into flows (other […]

How Attack Mitigation Works (via SNMP)

One of the greatest strengths of ntopng is its ability to correlate data originating at different layers and from multiple sources. For example, ntopng can look at IP packets, Ethernet frames and, at the same time, poll SNMP devices. This enables ntopng to effectively perform correlations and observe: The behavior of IP addresses (e.g., […]

Using ntop tools (including PF_RING ZC) on Docker

Software containers are an elegant way to deploy software applications. If you are wondering whether ntop supports software containers, the answer is yes. Whenever new stable versions of packages are built, the containers hosted on hub.docker.com are automatically updated. If instead you want to build a custom container, you can use the Dockerfiles we maintain. […]

ntopng 4.0: A Refreshed Look with Dark Themes!

The latest ntopng 4.0 has a renewed look. The main changes we have introduced are: An always-on-top status bar. Key information on the health and status of the network is essential for the analyst and it must be always visible and easily accessible. This is why we have introduced an always-on-top fixed status bar with […]

Introducing nScrub 1.4 with IPv6 Support

This is to introduce the new nScrub 1.4 stable release. Besides a few bug fixes (mainly to the API), this release introduces many improvements, including: Full IPv6 support in both routing and bridge mode. Improved TCP protection: it is now possible to use SYN Proxy in asymmetric mode. Hardware bypass with watchdog support as a failover mechanism in […]

Introducing PF_RING 7.6: Flow Processing Made Easy with PF_RING FT

This is to announce the new PF_RING major release 7.6. Besides bug fixes and driver updates to improve compatibility with the latest kernels (including those shipped with Debian 10 and CentOS 8), this release includes many enhancements to the PF_RING FT library, which delivers unprecedented flexibility and all the features a flow-based packet processing application requires. […]