ntopng

ntopng

How to Detect Malware Hosts and Scanners Using ntopng
Hosts directly connected to the Internet are often contacted by scanners and malware hosts. Since a few releases ntopng integrates a blacklist that is refreshed daily. Whenever a host part of this list contacts your ntopng instance and alert is triggered and displayed in the flow alerts. This feature allows you to see who has contacted you with (usually) bad things in mind. Instead, if you want to see in realtime who blacklisted hosts are contacting you, you can click in the hosts menu and select “Blacklisted Hosts” as shown …
ntopng

Network Traffic Analysis in ntopng (a.k.a. ntopng 2019 Roadmap)
Aut viam inveniam aut faciam, Hannibal 247-182 B.C. For years ntopng has been a solution for collecting, analysing and visualising network traffic, but with a major limitation. It is too rich in data display and reporting that users needs to be experts in know what they are looking for. If not, they will be lost with all the data you can find on the web GUI, that is the opposite of what we tried to do. It is now time to go beyond simple threshold analysis, as currently implemented in …
Announce

Introducing Ubuntu 18 Support for ntopng Edge (nEdge)
After 6 months from the first nedge announcement, as a response to our customers feedback, nEdge now provides brand new features, like the ability to apply policies based on the device type, the RADIUS integration for captive portal users authentication, the ability to add static routes when running in router mode and the programmatic configuration of users and policies. Today, one of the most requested features is finally ready: the support for Ubuntu 18.04! Ubuntu 18.04 is the new LTS stable release of Ubuntu. It adopts a new environment for …
Announce

Welcome to ntopng 3.8 with continuous drill down: packets, flows, activities
We are happy to announce ntopng stable 3.8. The is the core of the next 4.0 release as it integrates new features that will be consolidated in the next release scheduled for spring. The main features include: SQL database-free high-speed traffic indexing based on a new home-grown technology. As explained in this post, we managed to store compressed flow information on disk combined with high-speed retrieval. Just add “-F nindex” to ntopng to start using this new feature, currently available in the ntopng enterprise edition. You can read more here. …
n2disk

Drill Down Deeper: Using ntopng to Zoom In, Filter Out and Go Straight to the Packets
ntopng has grown significantly over the past years, providing an increasingly-interesting set of features to support network analysts and troubleshooters in their decisions. Among the most relevant features, it is worth mentioning that timeseries inspection pages have been redesigned and reworked profoundly to facilitate the drill-down of historical data. Similarly, a home-grown high-speed special-purpose flow database has been seamlessly integrated in ntopng to ease the storage and retrieval of historical flows. However, the circle was not really closed. A piece was missing. Something that could take us down to the …
ntopng

Say hello to nIndex: Personal Big Data System for Network Flows
Being able to store network flows is a very challenging task using generic databases. Networks are becoming faster and faster and, nowadays, flow-based analysis tools should store tens, or even hundreds, of thousands of flows per second, to keep up with SME and enterprise demands. Existing tools, such as relational databases, fail to accomplish this task. Unless you have unlimited resources available, tons of RAM and clusters of machines, chances are your database will choke, quickly becoming too slow to enable queries from being performed in a reasonable time. It was incredible …
nProbe

Measuring ntopng+nProbe Flow Processing Performance
NOTE: this post is outdated. Latest versions of ntopng and nProbe improve performance significantly. New figures are given in this post. In this post we try to analyze the performance of nProbe and ntopng for the collection of NetFlow. ntopng and nProbe will be broken down into smaller functional units and such units will be analyzed to understand the maximum performance of every single task as well as of the overall collection architecture. The machine used for the analysis is equipped with an 4-core Intel(R) Xeon(R) CPU E3-1230 v5 @ 3.40GHz …
ntopng

ntopng Disk Requirements for Timeseries and Flows
Being able to do a priori estimations of the space that ntopng is going to use in a production environment is fundamental for the provisioning of the storage. In this post we try to estimate the space used by ntopng to store timeseries and flows. Timeseries The number of timeseries generated by ntopng depends almost exclusively on the number of local hosts. Other timeseries generated, including those for the interfaces or SNMP devices, are generally orders of magnitude less than those generated for local hosts. For this reason, it is …
ntopng

Advanced SNMP Monitoring with ntopng
It has been a while since we have added SNMP support to ntopng. The first release, presented in this blog post, implemented basic SNMP support. Since then we have code various improvements and new feature, with the aim of turning ntopng in an advanced SNMP monitor. Among the extensions we have implemented are the following: A cache to decouple the polling of devices from the browsing of polled data Devices are polled periodically by ntopng with a background task that cycles them at 5-minute intervals and sends polled data to …
Components

Remote ntopng Authentication with RADIUS and LDAP
In large organizations, it is common to have a centralised authentication system usually named AAA (Authentication, Authorization and Accounting). Managing users typically involves the definition and enforcement of the rights to do some operations or to access certain resources in a network. Being able to grant (or deny) such rights using a centralized authentication system is the only viable solution when it comes to dealing with large organizations with hundreds, or even thousands, of users that periodically join and leave. AAA protocols include Remote Authentication Dial-In User Service (RADIUS) and …
n2n

Use Remote Assistance to Connect to ntopng Instances
A problem same ntop users how to face with, is the ability to remote access a ntopng instance running behind a firewall. This can be solved using a VPN or other means that often require to deploy an additional network service. Some of our ntop users are familiar with n2n, an open source peer-to-peer VPN ntop developed and maintains. With n2n in essence is possible to create a network overlay that allows you to access your assets in a secure way, this regardless of your network configuration. For this reason …
nProbe

sFlow Collection and Analysis with nProbe and ntopng
sFlow, short for sampled Flow, is a sampling technology designed to export network devices information, namely: Interface counters (à la SNMP MIB-II); Traffic packets (à la ERSPAN). sFlow agents run on switches, routers, firewalls and other devices, and periodically export interface counters and traffic packets via UDP towards one or more sFlow collectors. sFlow, relying on sampling processes to periodically counters and packets, is scalable and ultra-lightweight and has been embedded into network devices by tens of vendors and manufacturers. Contrary to NetFlow (please note that in sFlow parlance the …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe