Botnets are a popular way to run malware on a network using the command and control paradigm. Popular protocols used by botnets include IRC and HTTP. Most IDSs can detect bots as long as they can inspect the network traffic. … Continue reading
Trickbot Malware Analysis Using nDPI and ntopng
Trickbot is a malware distributed via malspam, spam emails containing links for downloading malicious files that infect computers. A pcap file of a trickbot infection named 2019-09-25-Trickbot-gtag-ono19-infection-traffic.pcap can be downloaded at this URL. You can analyse the file using nDPI … Continue reading
How Active Monitoring Works in ntopng
In v4 we have introduced active monitoring in ntopng and since then we are improving in the 4.1.x development versions. In order to enable it you have to selectd the “System” interface from the top menubar and select “Active Monitoring” … Continue reading
Implementing Network Visibility in Covid-19 Days
Ongoing health emergency demands business to enable employee work from home: call it smart working or (better) remote working. This process puts pressure on the company Internet connection as many (if not all) the activities need to be done remotely. … Continue reading
ntopng 4.0: A Refreshed Look with Dark Themes!
The latest ntopng 4.0 has a renewed look. The main changes we have introduced are: An always-on-top status bar. Key information on the health and status of the network is essential for the analyst and it must be always visible … Continue reading
Active Monitoring in ntopng 4.0: ICMP, ICMPv6, HTTP and HTTPS pings with RTT
The latest stable ntopng 4.0 features a Round Trip Time (RTT) monitor which is capable of pinging hosts on a minute-by-minute basis to check: IP reachability with ICMP and ICMPv6 pings Web servers functionality with HTTP and HTTPS pings Checks … Continue reading
Introducing ntopng for MacOS. Finally.
For a long time out MacOS users asked a native ntopng package. Even though we use MacOS and Linux to develop our tools, we didn’t consider important to revamp the MacOS installer (ntopng 1.x has a native MacOS installer) as … Continue reading
Extending ntopng by Means of Plugins: A Step-by-Step Tutorial
ntopng v4 has introduced the concept of plugins that are short scripts written in Lua. They allow people to code ntopng extensions for triggering alerts when specific conditions are met, or extend the engine by adding new external data feeds. … Continue reading
Say Hello To ntopng 4.0: Cybersecurity, Scripting… and a New User Interface
After over one year of work, we’re proud to announce you that ntopng 4.0 is finally out. In this time we have redesigned ntopng for speed and openness, by breaking apart the existing monolithic C++ engine into a Lua-scriptable micro-engine. … Continue reading
Securing Flow Collection Using Data Encryption
NetFlow/IPFIX specifications have not considered privacy and confidentiality important. Exported flows are sent over unencrypted channels that prevent them to be exchanged on public networks unless techniques such as VPNs are used. Today encryption is no longer an option, and … Continue reading