Collecting flows on large networks with hundred of routers can be challenging. Beside the number of flows to be collected, another key point is to be able to visualize the informations in a simple yet effective way. ntopng allows you … Continue reading
NetFlow/IPFIX At Scale: Comparing nProbe/ClickHouse vs nProbe/ntopng
In our previous post we have analysed the performance of the pipeline nProbe+ntopng for those who need to collect flows and analyse them, trigger alerts, create timeseries, provide a realtime monitoring console, dump them to nIndex and inform remote recipients … Continue reading
NetFlow Collection Performance Using ntopng and nProbe
Introduction ntopng, in combination with nProbe, can be used to collect NetFlow. Their use for NetFlow collection is described in detail here. In this post we measure the performance of nProbe and ntopng when used together to collect, analyze, and … Continue reading
How Attackers and Victims Detection works in ntopng
In recent ntopng versions, alerts have been significantly enriched with metadata useful to understand network and security issues. In this post, we focus on the “Attacker” and “Victim” metadata, used to enrich flow alerts and label hosts. Specifically, the client … Continue reading
Detecting and Analysing Qakbot Traffic Using ntopng
In this post Martin shows how he has used ntopng to detect Qakbot trojan. Many thanks for this contribution. Introduction I am using ntopng for network monitoring quite some time now and I was curios to see, what ntopng would … Continue reading
Best Practices for High Speed Flow Collection
Most people use nProbe and ntopng to collect flows using an architecture similar to the one below where nprobe and ntopng are started as follows: nprobe -3 <collector port> -i none -n none —zmq “tcp://*:1234” –zmq-encryption-key <pub key> ntopng -i … Continue reading
What is Score, and How It can Drive You Towards Network Issues
Telemetry protocols such as sFlow/NetFlow, SNMP or packet-based traffic analysis are the source of data for network traffic monitoring. For a long time visibility was the main issue and people were attracted by new tools such as Grafana that allowed … Continue reading
How To Monitor Traffic Behind a Firewall (During and Post Pandemic)
Due to pandemic, many people are now working in a delocalised world: some work from home, others from the office. To make things even more complicated, in the past remote workers used to connect to the company network via a … Continue reading
Join FOSDEM 2021 ntop sessions, Sat-Sun Feb 6-7th (online)
We are proud to announce that a couple of talks have been accepted at FOSDEM 2021, one of the most important FOSS conferences in the world that this yar will take place online due to the pandemic. In the Network … Continue reading
Bringing Network Visibility, Cybersecurity and Encrypted Traffic Analysis to OPNsense, pfSense and FreeBSD
This is to announce the immediate availability of both ntopng and nProbe for OPNsense, pfSense and FreeBSD, directly supported by ntop, with nightly builds and all the features present on all other supported platforms such as Linux, Windows and MacOS. … Continue reading