ntopng

ntopng

Towards ntopng v4: New User Interface Featuring Dark Theme
This February we’ll introduce ntopng v4 and we’re starting to write some blog posts to preview the new features. Let’s start with the user interface. Since v1 the UI has always been the same. People however asked us some more flexible layout where it is possible for instance to switch across network interfaces in a breeze. Furthermore the pervasive use of dark themes was also a driving force towards changes. While the UI in 4.2 will integrate new changes we already planned (for instance to switch from realtime to historical …
ntopng

Introducing Automatic Package Update in ntopng
One of the most useful features in applications, is the ability to Update the application with a matter of click with no need to move to the terminal console. Instruct the system to update the application as a new version is available. We have realised that many of our users missed this feature in ntopng for a long time, and so we decided to implement it. As this feature depends on the operating system, we have decided to implement it for all the Linux distributions (sorry, no Windows support) for …
ntopng

Exploring Physical Network Topologies Using ntopng
ntop tools are known for monitoring network traffic. However this traffic has to flow on physical networks and thus it is important to understand the physical network layout. LLDP (Link Layer Discovery Protocol) is a network protocol used to dynamically build network topologies and identify network device neighbours. In the latest ntopng dev build (that will be merged in the next v4 stable) we have enhanced the SNMP monitoring capabilities with LLDP support. if your SNMP devices have LLDP enabled, ntopng now polls this information and build an adjacency graph …
ntopng

Spotting Plaintext Information in Network Protocols
In short: encryption does not always mean that all the information exchanged is really encrypted. Another myth is that many people believe that the equation “encryption = security” holds. Unfortunately this is not true. This slide deck we presented at Sharkfest Europe 19 shows in practical terms what information is sent in clear text in popular protocol as well what information encrypted TLS traffic reports unencrypted. Enjoy! …
ntopng

ntopng & Suricata: Unifying Visibility with Security
This week we have presented at Suricon 2019 our work about unifying ntopng with Suricata. https://youtu.be/g7NFjeSQG0c In short: Suricata is a great tool for analysing individual flows but It lacks a GUI It is blind to security threats when they use non-standard ports It is mostly blind to encrypted traffic It does not provide a comprehensive view of the network but it is focusing only on flows. It is able to dissect only about 20 protocols with respect to 250 nDPI supports It is blind with respect to containers ntopng …
ntopng

Using RFC8520 (MUD) to Enforce Hosts Traffic Policies in ntopng
RFC8520 (Manufacturer Usage Description) specifies what is the intended (from the manufacturer standpoint) network behaviour of a network device. Being it defined in JSON format by the device manufacturer, it can be used for simple single-task devices such as a printer or an access-point where the device communications are simple and well defined. Typically a device specifies in DHCP requests the URL of a MUD file [image below courtesy of osMUD] that is defined by the manufacturer specifying what IP/ports the device can access. The URL is passed to an …
ntopng

Merging Infrastructure and Traffic Monitoring: Integrating ntopng with Icinga
Icinga2 is an open source monitoring system which checks the availability of hosts and services, notifies users of outages and generates performance data for reporting. Thanks to its scalability and extensibility, it has become very popular (as Nagios successor) and suitable to monitor complex environments, even across multiple locations. Although popular, it falls short when it comes to monitor how the network is being used by certain host. There are several plugins for network monitoring available both in the Icinga Template Library and in the Icinga Exchange, however, they only …
n2disk

Combining Traffic Recording with Visibility at 100 Gbps
A few months ago, with ntopng 3.8, we introduced support for continuous traffic recording, that allows you to drill down historical data from the timeseries level up to raw packets. This is useful when troubleshooting a network issue or analysing a security event, by combining traffic visibility with raw traffic analysis. In order to record raw data ntopng leverages on the n2disk application, which is able to capture full-sized network packets at wire-speed up to 100 Gbps from a live network interface, and write them into pcap files without any packet …
nProbe

Containers and Networks Visibility with ntopng and InfluxDB
For a while we have investigated how to combine system and network monitoring in a simple and effective way. In 2014 we have done a few experiments with Sysdig, and recently thanks to eBPF we have revamped our work to exploit this technology as well to be able to monitoring containerised environments. Months ago we have shown how to detect, count and measure the network activity which is taking place at a certain host just by leveraging certain functionalities of the linux operating system, without even looking at the traffic …
nDPI

TLS/SSL Analysis: When Encryption and Safety Are Not Alike
Most people think that SSL means safety. While this is not a false statement, you should not take it for granted. In fact while your web browser warns you when a certain encrypted communication has issues (for instance them SSL certificates don’t match), you should not assume that SSL = HTTPS, as: TLS/SSL encryption is becoming (fortunately) pervasive also for non web-based communications. The web browser can warn you for the main URL, but you should look onto the browser development console for other alerts (most people ignore the existence …
News

Telemetry Data in ntopng: Giving Back to the Community
The latest ntopng 3.9 dev gives you the possibility to choose whether to send telemetry data back to ntop. We collect and analyze telemetry data to diagnose ntopng issues and make sure it’s functioning properly. In other words, telemetry data help us in finding and fixing certain bugs that may affect certain versions of ntopng. And don’t worry, we won’t use any data to try and identify you. However, if you want to, you can decide to provide an email address we can use to reach you in case we …
nProbe

Packets vs Flows: Which Option is the Best?
One of the most difficult steps on a monitoring deployment scenario is to choose where is the best point where traffic has to be monitored, and what is the best strategy to observe this traffic. The main options are basically: Port Mirroring/Network Tap NetFlow/sFlow Flow Collector Port Mirroring/Network Tap Port mirroring (often called span port) and network tap have already been covered on a previous post. They are two techniques used to provide packet access that often are the best way to troubleshoot network issues as packets are often perceived as the …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe