ntop

ntop

Finding a Needle in a Haystack (was Traffic Disaggregation with Sub Interfaces in ntopng)

Network traffic moving across a link often contains various types of traffic; in a large company, for example, it can include a mix of traffic coming from the employees' network, core company servers, the guests' network, and other sources. Analysing the traffic as a whole is usually complicated and, as a consequence, many things are hard to see. It is more convenient to split it into smaller subsets based on traffic type and analyse each subset separately, because with a lot of heterogeneous traffic specific patterns might be hard to identify. In many …
ntop

Do You Know What Hackers Hide in SSL/TLS?

ntop believes that the future of traffic monitoring and network security will be decided by the ability to inspect the behaviour of encrypted communications. We are fortunate that Sam Bocetta agreed to talk about encryption. Sam is a freelance journalist specializing in US diplomacy and national security, with an emphasis on technology trends in cyberwarfare, cyberdefense, and cryptography. He is currently working as a part-time cybersecurity coordinator at AssignYourWriter.co. SSL/TLS authentication has been around for a while. As one of the first internet safety protocols, an SSL certificate, signified by a …
n2disk

Building a (Cheap) Continuous Packet Recorder using n2disk and PF_RING [Part 2]

Continuous packet recorders are devices that capture raw traffic to disk, providing a window into network history that lets you go back in time when a network event occurs and analyse the traffic down to the packet level to find the exact network activity that caused the problem. n2disk is a software application, part of the ntop suite, able to capture traffic at high speed (it relies on the PF_RING packet capture framework, which can deliver line-rate packet capture up to 100 Gbit/s) and dump it to disk using the standard PCAP …
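The on-disk format a recorder like n2disk writes is the classic pcap file: a 24-byte global header followed by one 16-byte record header per packet. The following is an added example, not code from n2disk or PF_RING: it writes a two-packet capture into a memory buffer, truncating stored bytes to the snap length while keeping the wire length, and then walks the image back, rejecting a truncated file instead of silently accepting it. The packet contents, timestamps and the snaplen of 64 are constructed for the example.

```c
/* Added example, not n2disk's or PF_RING's own code: write packets in the
 * classic pcap file format into a memory buffer and scan the result back.
 * Sample packets below are constructed for the example. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PCAP_MAGIC        0xa1b2c3d4u  /* microsecond-resolution pcap, host byte order */
#define PCAP_VERSION_MAJ  2
#define PCAP_VERSION_MIN  4
#define PCAP_HDR_LEN      24
#define PCAP_REC_LEN      16
#define DLT_EN10MB        1            /* Ethernet link type */

static void put_u32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static void put_u16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); }
static uint32_t get_u32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Write the global header. Returns bytes written, or 0 if cap is too small. */
size_t pcap_write_header(uint8_t *out, size_t cap, uint32_t snaplen, uint32_t linktype) {
    if (cap < PCAP_HDR_LEN) return 0;
    put_u32(out + 0, PCAP_MAGIC);
    put_u16(out + 4, PCAP_VERSION_MAJ);
    put_u16(out + 6, PCAP_VERSION_MIN);
    put_u32(out + 8, 0);          /* thiszone: GMT offset, 0 in practice */
    put_u32(out + 12, 0);         /* sigfigs: unused */
    put_u32(out + 16, snaplen);
    put_u32(out + 20, linktype);
    return PCAP_HDR_LEN;
}

/* Append one record. Stored bytes are cut at snaplen, the wire length is kept,
 * exactly as a capture with a snap length behaves. Returns bytes written or 0. */
size_t pcap_write_record(uint8_t *out, size_t cap, uint32_t ts_sec, uint32_t ts_usec,
                         const uint8_t *pkt, uint32_t wire_len, uint32_t snaplen) {
    uint32_t incl = wire_len < snaplen ? wire_len : snaplen;
    if (cap < PCAP_REC_LEN + incl) return 0;
    put_u32(out + 0, ts_sec);
    put_u32(out + 4, ts_usec);
    put_u32(out + 8, incl);       /* incl_len: bytes saved in the file */
    put_u32(out + 12, wire_len);  /* orig_len: bytes seen on the wire */
    memcpy(out + PCAP_REC_LEN, pkt, incl);
    return PCAP_REC_LEN + incl;
}

/* Walk a pcap image, counting records and summing wire bytes. Returns 0, or -1
 * on bad magic, incl_len > orig_len, or a record running past the buffer end. */
int pcap_scan(const uint8_t *buf, size_t len, size_t *records, uint64_t *wire_bytes) {
    size_t off = PCAP_HDR_LEN;
    *records = 0; *wire_bytes = 0;
    if (len < PCAP_HDR_LEN || get_u32(buf) != PCAP_MAGIC) return -1;
    while (off < len) {
        if (len - off < PCAP_REC_LEN) return -1;
        uint32_t incl = get_u32(buf + off + 8);
        uint32_t orig = get_u32(buf + off + 12);
        if (incl > orig || len - off - PCAP_REC_LEN < incl) return -1;
        *wire_bytes += orig;
        (*records)++;
        off += PCAP_REC_LEN + incl;
    }
    return 0;
}

/* Build a constructed two-packet capture with snaplen 64. Returns its size:
 * 24 + (16 + 60) + (16 + 64) = 180 bytes, or 0 if cap is too small. */
size_t build_sample_capture(uint8_t *out, size_t cap) {
    uint8_t small[60] = {0};   /* constructed: minimum-size Ethernet frame */
    uint8_t big[1500] = {0};   /* constructed: full-size frame, stored truncated */
    size_t n = pcap_write_header(out, cap, 64, DLT_EN10MB);
    if (n == 0) return 0;
    size_t r = pcap_write_record(out + n, cap - n, 1560000000, 0, small, sizeof small, 64);
    if (r == 0) return 0;
    n += r;
    r = pcap_write_record(out + n, cap - n, 1560000000, 500, big, sizeof big, 64);
    if (r == 0) return 0;
    n += r;
    return n;
}
```

A recorder that crashes mid-write leaves a file whose last record header promises more bytes than exist; pcap_scan returns -1 on such a file so an index built from it is not trusted blindly.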
ntop

System-Introspected Network and Container Visibility: A Quick Start Guide

Recently we introduced the concept of network and container visibility through system introspection and demonstrated its feasibility with an open-source library, libebpfflow. In other words, by leveraging certain functionalities of the Linux operating system, we are able to detect, count and measure the network activity taking place on a given host. We have published a paper and presented the work at FOSDEM 2019, so a detailed discussion falls outside the scope of this post. However, we would like to recall that information we …
ntop

Introducing nProbe Agent: Packetless, System-Introspected Network Visibility

A few months ago at FOSDEM we introduced the concept of network and container visibility through system introspection and released an open-source library based on eBPF that can be used for this purpose. Based on this technology, we created a lightweight probe, nProbe™ Agent (formerly known as nProbe mini), able to detect, count and measure all network activities taking place on the host where it is running. Thanks to this agent it is possible to enrich the information a traditional probe extracts from network traffic packets with system data such as users …
ntop

Talking about Network, Service, and Container Monitoring at InfluxDays

Later this week the ntop team will attend InfluxDays, June 13-14, London, UK. We'll be talking about traffic monitoring in containerised environments and give you an outlook on our roadmap. If you are attending this event (we'll have a booth at InfluxDays), or if you live in London and want to meet us, please contact us so we can arrange an informal meeting and hear from you. We need feedback from our users so that together we can plan the future of ntop. Hope …
ntop

ntopConf 2019 Retrospective

On May 8-9th we organised our yearly event in Padova, Italy. The first day was dedicated to training and the second day to the conference. Overall about 150 people attended the event, and we are glad of it. Our gratitude goes to the speakers, to Wintech, which took care of logistics, and to all those who made this event a success. Below you can find the presentation slides used during the conference. Roberto Pezzile, Mirco Cailotto: The use of ntop as a Layer 7 monitoring tool for full outsourcing services [IT] Luca …
ntop

Monitoring Containerised Application Environments with eBPF

Earlier this week ntop and InfluxData held a joint webinar about monitoring containerised applications. We discussed solutions for monitoring both legacy (i.e. non-containerised) and containerised applications, and the technologies we can use for that. As most of you know, we have developed libebpfflow, an open-source library that generates IPFIX-like flows not from packets but from the system events we capture with eBPF. In addition to this, we are developing a new version of the nProbe product family that can also exploit Netlink to complement the eBPF statistics with traffic counters. …
Announce

Cento 1.6 Stable Just Released

After more than one year since the last stable release, we are glad to announce cento 1.6-stable. This new release brings stability, fixes and several new features. Among the new features, it is worth mentioning that: flows can be exported in a standardised JSON format to text files; by default cento runs as the dedicated user cento, which owns both the process and its files, so that cento no longer runs as root (any other user on the system can also be used to run cento); a capture direction can be indicated so …
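Running a capture daemon under a dedicated account only helps if the drop from root is done in the right order and is irreversible. The following is an added example, not cento's own code: the privilege-drop sequence a packet-capture daemon performs after its privileged setup (opening interfaces, binding ports), with the check that root cannot be regained afterwards. The account name "cento" is only the assumed default; any unprivileged account works.

```c
/* Added example, not cento's own code: drop root to an unprivileged account
 * after privileged setup, and verify the drop is real. "cento" as the
 * account name is only the assumed default. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve an account name to uid/gid. Returns 0, or -1 if it does not exist. */
int resolve_account(const char *name, uid_t *uid, gid_t *gid) {
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) { errno = ENOENT; return -1; }
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Permanently drop to uid/gid. Order matters: supplementary groups and the
 * primary gid must be changed while still root, and the uid last, because
 * setuid() to an unprivileged uid also discards the right to change groups.
 * Refuses uid 0 since that would not be a drop. Returns 0, or -1 with errno. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0) { errno = EINVAL; return -1; }
    if (setgroups(0, NULL) != 0) return -1;   /* no inherited supplementary groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;          /* from root this sets real, effective and saved uid */
    if (setuid(0) == 0) { errno = EPERM; return -1; }   /* must fail, or the drop was not real */
    if (geteuid() != uid || getegid() != gid) { errno = EPERM; return -1; }
    return 0;
}

/* Typical start-up: privileged setup first, then drop, then serve. */
int main(int argc, char **argv) {
    const char *account = argc > 1 ? argv[1] : "cento";   /* assumed account name */
    uid_t uid;
    gid_t gid;
    if (resolve_account(account, &uid, &gid) != 0) {
        fprintf(stderr, "no such account: %s\n", account);
        return 1;
    }
    /* ... open capture devices / bind privileged ports here, while still root ... */
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid=%u gid=%u\n", (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

The setuid(0) probe after the drop is the part most implementations omit: if it succeeds, a saved root uid is still around and any later bug in the daemon can get root back.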
Announce

nDPI 2.8-stable is Out

This new release brings several fixes that make nDPI more stable; they especially concern DNS and HTTP traffic dissection. Here is the full list of changes. New supported protocols and services: Modbus over TCP dissector added. Improvements: Wireshark Lua plugin compatibility with Wireshark 3; improved MDNS dissection; improved HTTP response code handling; full dissection of HTTP responses. Fixes: fixed false-positive mining detection; fixed invalid TCP DNS dissection; buffers released upon realloc failures; ndpiReader: prevented use after free; endianness fixes; fixed IPv6 HTTP traffic dissection; fixed H.323 detection. Other …
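"Releasing buffers upon realloc failures" refers to a C idiom that bites dissectors which accumulate packet payloads: assigning realloc()'s result straight back to the only pointer loses the original block when the call fails, so it can neither be freed nor read. The following is an added example, not nDPI's code: the buggy grow beside the corrected one, exercised by forcing an allocation failure on a buffer that already holds a constructed partial HTTP request.

```c
/* Added example, not nDPI's code: the realloc() failure idiom. The partial
 * HTTP request below is constructed for the example. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Buggy pattern: on failure *buf becomes NULL and the block that held the
 * accumulated bytes leaks. Returns 0 on success, -1 on failure. */
int grow_buggy(uint8_t **buf, size_t *cap, size_t new_cap) {
    *buf = realloc(*buf, new_cap);   /* on NULL the old block is unreachable */
    if (*buf == NULL) { *cap = 0; return -1; }
    *cap = new_cap;
    return 0;
}

/* Corrected pattern: realloc into a temporary; on failure the caller still
 * owns the original block and can free it or keep working with it. */
int grow_safe(uint8_t **buf, size_t *cap, size_t new_cap) {
    uint8_t *tmp = realloc(*buf, new_cap);
    if (tmp == NULL) return -1;      /* *buf and *cap are unchanged */
    *buf = tmp;
    *cap = new_cap;
    return 0;
}

#define SAMPLE "GET / HTTP/1.1"       /* constructed partial request, 15 bytes with NUL */

/* Simulate running out of memory while growing a buffer that already holds
 * data. Returns 1 if the data survived the failed grow and the buffer was
 * freed cleanly; 0 if it was lost (buggy path: block leaked, pointer NULL). */
int failed_grow_keeps_data(int use_safe) {
    size_t cap = 16;
    uint8_t *buf = malloc(cap);
    if (buf == NULL) return 0;
    memcpy(buf, SAMPLE, sizeof SAMPLE);
    size_t too_big = (size_t)-1;      /* SIZE_MAX: realloc must fail with ENOMEM */
    int rc = use_safe ? grow_safe(&buf, &cap, too_big) : grow_buggy(&buf, &cap, too_big);
    if (rc == 0) { free(buf); return 0; }   /* unexpected: the allocation succeeded */
    if (buf == NULL) return 0;              /* buggy path: original block is gone */
    int intact = (cap == 16) && memcmp(buf, SAMPLE, sizeof SAMPLE) == 0;
    free(buf);
    return intact;
}
```

With the buggy grow the data is gone and the old block can never be freed; with the corrected grow the dissector can still flush or discard what it had, which is what turns an out-of-memory condition into a handled error rather than a leak or a NULL dereference.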
ntop

Honouring System Default Policies on ntop Packages

Many distributions provide mechanisms that let the system administrator decide whether newly installed packages should be enabled and/or started automatically. Previously, the ntop services were always enabled and started automatically after the first package installation, regardless of any system preference. Now the ntop packages rely on the system utilities to start, stop and restart services after installation, so that system policies are honoured. Because of the distribution-specific defaults, this is now the default behaviour of the services installed by the ntop packages: Debian/Ubuntu CentOS 7 Other Started …
ntop

Introducing n2disk 3.2: towards 100 Gbit to disk

This is to announce a new n2disk release, 3.2. Besides addressing a few issues, this release includes new juicy features: multithreaded dump and support for multiple volumes. This is useful in a few cases. If you want to record traffic above 30-40 Gbit/s to HDDs or SSDs, you should pay attention to the RAID controller limit: even if you use many disks in a RAID 0 configuration, many controllers are not able to sustain more than 30-40 Gbit/s of write throughput. Load-balancing traffic across multiple controllers could be …