Checkmk is a popular platform for monitoring IT infrastructure. ntopng has been integrated in Checkmk some time ago, enabling users to provide traffic visibility in additional to classic bytes/packets metrics. As ntopng is able to produce traffic alerts that, we have decided to extend ntopng in order to export alert information towards Checkmk event console […]
Extended Multilanguage Support in ntopng: Korean, Spanish and French
This is to announce that ntopng now enables users to use a new languages: Korean, Spanish and French. We have also improved translations of German and Italian. The translation is done using an automatic tool so, we cannot guarantee that the translation is completely correct. Error or typos are accepted as a GitHub issue: please […]
InfluxDB v2 support in ntopng is Now (partially) Available
It’s been 3 years since InfluxDB v.2 was released and until a couple of months ago we didn’t plan to add the support to the InfluxDB v.2 due to many reasons: migration from SQL to Flux query language, v2 performance not better than v1. The in the meantime InfluxData release InfluxDB v3 that is currently […]
HowTo Use Cloud Licenses
As discussed in our spring webinar, it is now possible to use (in beta) cloud licenses with ntopng and nProbe. Contrary to standard licenses that are bound to a physical system (based on the systemId), cloud licenses are “floating” as the same license file can be used on multiple hosts, of course not simultaneously (i.e. […]
Using ClickHouse Cloud with ntopng
We are happy to announce that from the latest ntopng dev (6.1) version, ntopng supports exporting data (flows & alerts) to ClickHouse Cloud. Below you can find a step-by-step guide. Quick Start First of all let’s start by creating our account and service on the ClickHouse Cloud (you can find the official guide here); remember […]
How Historical Traffic Behaviour Analysis Works
In ntopng we have implemented various techniques for analysing historical traffic. This post shows you the options available: In timeseries you can see the current traffic rate (line) or the traffic rate of the previous period of time (dotted). This allows you to visually analyse when traffic deviates from previous period of time (see for […]
DoS Detection Using ntopng and NetFlow/IPFIX
Recently ntopng has been used in academia for detecting DoS (Denial of Service) attacks using NetFlow flows. In this thesis (note that the document it is written in Italian) it is shown how ntopng has been successfully used collect flow and use them to detect DoS attacks. Enjoy !
How ntopng Host Traffic Accounting Works
Despite ntop has implemented rich network metrics over the years, the two most important metrics that people keep asking us are volume (how much) and time (how long). Timeseries offer a quick view of the traffic and allow people to immediately spot traffic peaks or absence of transmissions. They are good for traffic analysis but […]
How we have Decreased ntopng Memory Usage by more than 60%
In this blog post we want to shave our experience squeezing ntopng memory usage to fit into small OT monitoring devices manufactured by our partner Endian. Just to give you an idea of the work we did look at these two images taken on the same network at the same time of the day, before […]
HowTo Analyse NetFlow/IPFIX/sFlow pcap Traces
Dumping sFlow/NetFlow/IPFIX flows in pcap format can be very useful for troubleshooting or for creating a compact traffic dump. For instance you can dump flow traffic with n2disk (wireshark, or tcpdump) and store them in pcap format, and eventually share them with a shared disk or sent via email. Flows are usually analysed live with […]