ntopng

nDPI

Promoting Traffic Visibility: from Application Protocols to Traffic Categories in nDPI and ntopng
Often we receive emails asking question like: “how many protocols nDPI supports?”, “how do you position nDPI against commercial DPI toolkit A, B, C?”. Although these questions are reasonable, they do not grasp the significance of DPI. For years commercial toolkits have run the race for protocols: I have 200 protocols, I have 1000 protocols, I have 500. Then asking that is the meaning with the term “protocol” people list traffic from to sites like cnn.com or bbc.co.uk. But BBC is not a protocol but rather some traffic (for instance …
ntopng

Securing ntopng with SSL and Let’s Encrypt
As you know ntopng web interface supports both HTTP (default) and HTTPS. The reason why ntopng does not default to HTTPS is because we provide self-signed certificates that web browsers dislike. Fortunately today you can create a free SSL certificate recognised by all browsers by using Let’s Encrypt open certificate authority (CA). This article describes how you can do this in a few simple steps: for simplicity we limit our scope to Ubuntu/Debian but on other distro’s the procedure is similar. Install certbot as described in this article Suppose that you …
nProbe

Using nProbe and ntopng for Collecting and Visualizing Sonicwall Flows
nProbe is both a probe and a NetFlow/sFlow collector. Recently, we’ve also added added the ability to collect flows with proprietary information elements. This greatly improves nProbe flexibility as any custon, vendor-proprietary information element can be understood, correctly parsed, and exported downstream. Adding proprietary information elements to nProbe is a breeze. Indeed, it suffices to use a plain-text file with the elements description. That’s all. Once the fields have been loaded from the plain-text file, they can be treated as if they were regular fields. So for example they can …
nEdge

Say hello to ntopng and nEdge 3.6: Timeseries with TimeShift and InfluxDB
ntopng 3.6 release is paving the way to metrics-based traffic analysis. We have finally put ntopng on top of a timeseries-independent layer that allowed us to currently RRD and InfluxDB and in the future other backends. This means that you can now also (you can for instance use ntopng as a flow exporter and as a Grafana data source) use ntopng as a time series datasource (see the timeseries API for further information) or you can analyse data through the ntop web interface that has been greatly enhanced. As you …
ntopng

ntopng and Time Series: From RRD to InfluxDB, new charts with Time Shift
One of the main concern of our users is the ability to scale ntopng with a large number of hosts/protocols and hence how to scale time series. As already discussed, RRD has many limitations with the increase of number of time series, hence it was time to start exploring new paths. We decided to abstract the ntopng engine from RRD and thus open up the engine to new time series databases. This has enabled us to use InfluxDB to store time series instead of RRD, that (as already discussed) enabled …
ntopng

Learning the ntopng Lua API
ntopng is open source, that means you can read its code and modify it according to the GPL license. The current ntopng architecture is based on three layers where the top one is written in Lua and it is used to render the web interface as well to execute periodic activities. In essence the C++/Lua API is a clean way to interact and extend ntopng without having to code in C++. So far we have used this API inside the ntop team without documenting it. This has been a mistake …
ntopng

Best Practices to Secure ntopng
After a fresh install, ntopng will run using a default, basic configuration. Such configuration is meant to provide an up-and-running ntopng but does not try to secure it. Therefore, the default configuration should only be used for testing purposes in non-production environments. Several things are required to secure ntopng and make it enterprise-proof. Those things include, but are not limited to, enabling an encrypted web access, restricting the web server access, and protecting the Redis server used by ntopng as a cache. Here is the list of things required to …
ntopng

How ntop built a web-based traffic analysis and flow collection with InfluxDB
A couple of days ago InfluxData hosted a ntop webinar about how we have integrated InfluxDB into ntopng. Those who have not attended it can give a look at the presentation slides as well watch the webinar. In essence: ntopng is based on RRD for timeseries As networks grow, ntopng needs to store more time series more granular. RRD is file based, that is a good things as configuration is minimal, but it does not scale on mid/large networks. We need an alternative, and found InfluxDB to be the best option …
ntopng

How to use ntopng in compliance with GDPR
Today the General Data Protection Regulation (GDPR) (EU) 2016/679 is effective in the European Union. GDPR is designed to protect personal data and thus preserve privacy in particular as specified in articles 13 to 22, and 34. As we manufacture tools for traffic monitoring, we’ve to make sure that our tools can be used in compliancy with GDPR. In particular we’ve implemented a couple of features that can be useful: If you go select “Preferences” from the ntopng menu, and click on the “Misc” pane you can access the preference for …
ntopng

ntopng goes Elastic: Introducing ElasticSearch 6 Support
As you ntopng users know, out of the Elastic toolset ntopng supports both ElasticSearch and LogStash. You can use them using the -F flag: --dump-flows|-F] <mode> | Dump expired flows. Mode: | es Dump in ElasticSearch database | Format: | es;<mapping type>;<idx name>;<es URL>;<http auth> | Example: | es;ntopng;ntopng-%Y.%m.%d;http://localhost:9200/_bulk; | Notes: | The <idx name> accepts the strftime() format. | <mapping type>s have been removed starting at | ElasticSearch version 6. <mapping type> | values whill therefore be ignored when using | versions greater than or equal to 6. | …
ntopng

Welcome to ntopng 3.4: Improved Alerts/SNMP/Asset Discovery, InfluxDB/Prometheus Support
We’re happy to announce the release of ntopng 3.4 that introduces several enhancements and new features, some of which will be finalised in 3.6 due later this year. This version consolidates several months of work and paves the way to more radical changes planned for the next release. In particular beta features present in this version include support for InfluxDB and Prometheus so that you can use ntopng for exporting traffic data towards time-series databases (you can read about influx and prometheus). We have also revamped the alert implementation and introduced initial …
Announce

Introducing Multi-language Support in ntopng
Traditionally all ntop tools have manuals and user interface in English. As sometimes our users are not really familiar with it, we have decided to introduce user interface translation of the user interface so that we can make those users more comfortable when using ntopng. As the moment we have added support for Italian and German, but we might consider adding further languages in the future. When you first login to ntopng after installation you will notice that there is a new menu that allows you to set the language …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe