Precise packet timestamping is a key feature for network traffic analysis and troubleshooting. Traditionally many people use FPGA-based NICs with precise timestamping (e.g. Napatech, Silicom) even though a good precision can be obtained with PTP-based NICs such as many Intel network adapters. A better alternative to this practice is to avoid ad all using specialised […]
You’re Invited to the ntop MiniConference 2020: November 24th, December 3rd and 10th
This year due to the pandemic, we had to cancel our scheduled community event. Considered that we have introduced many new features in our tools we would like to invite you to an online mini-conference divided in three distinct events. The first event is a general even where we briefly summarise what we have done […]
Howto Write a Telegram Alert Endpoint for ntopng
Telegram is a popular messaging application that many people use daily to do instant messaging and receive notifications. As of ntopng 4.2, it is now possible to deliver alerts to external entities including Slack, email and Discord. This post will show you how the Telegram alert endpoint has been developed so that readers can learn […]
Say Hello to ntopng 4.2: Flexible Alerting, Major Speedup, Scada, Cybersecurity
We are pleased to introduce ntopng 4.2 that introduces several new features and breakthroughs while consolidating the changes introduced with 4.0. The main goals of this release include Enhance and simplify how alerts are delivered to consumers Many internal components of ntopng have been rewritten in order to improve the overall ntopng performance, reduce system […]
A Step-by-Step Guide on How to Write a ntopng Plugin from Scratch
In ntopng you can write plugins to extend it with custom features. This short tutorial explains you how to do that step-by-step. Here we drive you through the creation of a plugin for generating alerts when an unexpected DNS server is observed: this is useful to spot hosts that have a custom DNS configured or […]
Using ElasticSearch to Store and Correlate Ntopng Alarms
With the introduction of ntopng endpoints and recipients, it is now possible to handle alerts in a flexible fashion by means of recipients. ntopng embeds a SQLite database for turn-key alert storage and reporting. However in large organizations with many alerts scalability of this solution is limited due to the limited number of records (16k) […]
Using ntopng Recipients and Endpoints for Flexible Alert Handling
In the latest ntopng 4.1.x versions (and soon 4.2) we have completely reworked the way alerts are delivered to subscribers. Up to 4.0 the ntopng engine was configured in a single way for all alerts: go to the preferences page and specify where to deliver alerts. This was suboptimal for many reasons, including the fact […]
Monitoring Industrial IoT/Scada Traffic with nDPI and ntopng
Monitoring Industrial IoT and SCADA traffic can be challenging as most open source monitoring tools are designed for Internet protocols. As this is becoming a hot topic with companies automating production lines, we have decided to enhance ntop tools to provide our user community traffic visibility even in industrial environments. This has required to enhance […]
How Attack Mitigation Works (via SNMP)
One of the greatest strengths of ntopng is its ability to correlate data originating at different layers and at multiple sources together. For example, ntopng can look at IP packets, Ethernet frames and, at the same time, poll SNMP devices. This enables ntopng to effectively perform correlations and observe: The behavior of IP addresses (e.g., […]
Mice and Elephants: HowTo Detect and Monitor Periodic Traffic
Most people are used to top X: top senders, top receivers, top protocols. So in essence they are looking for elephants. While this is a good practice, mice are also very interesting as they can often be hidden in the noise. In cybersecurity noise is very good for attackers as they often try to hide […]