Most people think that SSL means safety. While this is not a false statement, you should not take it for granted. In fact while your web browser warns you when a certain encrypted communication has issues (for instance them SSL certificates don’t match), you should not assume that SSL = HTTPS, as: TLS/SSL encryption is […]
Telemetry Data in ntopng: Giving Back to the Community
The latest ntopng 3.9 dev gives you the possibility to choose whether to send telemetry data back to ntop. We collect and analyze telemetry data to diagnose ntopng issues and make sure it’s functioning properly. In other words, telemetry data help us in finding and fixing certain bugs that may affect certain versions of ntopng. […]
Packets vs Flows: Which Option is the Best?
One of the most difficult steps on a monitoring deployment scenario is to choose where is the best point where traffic has to be monitored, and what is the best strategy to observe this traffic. The main options are basically: Port Mirroring/Network Tap NetFlow/sFlow Flow Collector Port Mirroring/Network Tap Port mirroring (often called span port) and […]
Detecting Hidden Hosts and Networks on your (shared) LAN
In theory on switched networks each portion of a LAN is independent. This means that for instance that network 192.168.1.0/24 and 192.168.2.0/24 are using different switch ports that communicate through a router, and also that are not sharing the same physical network. Unfortunately sometimes people violate this principle by putting on the same physical port […]
How enable DPI-based Traffic Management in pfSense using nEdge
We have been receiving several inquiries from pfSense users who would love to complement the classical firewall-style pfSense features with the inline Layer-7-based traffic policing offered by nEdge. Being able place pfSense and nEdge side by side allows to overcome the common belief which sees the bad guys on the Internet and the good guys […]
ntopng Multilanguage Support: EN, IT, DE and JP
We are happy to announce that ntopng has gone fully international! The following languages are now officially supported: English Italian Japanese German Language files are completely opensource, meaning that you can choose your preferred ntopng language, no matter if you are a community, Professional or Enterprise user! Languages are supported on a per-user basis, hence, […]
How to Track and Fight Malware, Ransomware, Botnets… using ntopng
Malware blacklists are not something new to ntopng. ntopng (including ntopng Edge) has integrated the emerging threats blacklist https://rules.emergingthreats.net for a long time. The 3.6 stable release also introduced some webmining blacklists, which would flag online mining sites and generate alerts. Despite the new integrations, ntopng lacked the ability to inform the user about the […]
Identifying Suspicious Flows: Network Issues or Misbehaving Hosts ?
Starting from the latest 3.9 version, ntopng features and handy dropdown menu that allows you to filter flows on the basis of their current TCP state. Being able to filter flows on the basis of their TCP state is particularly useful as it allows to separate the normal flows from those that are suspicious or […]
How to Detect Malware Hosts and Scanners Using ntopng
Hosts directly connected to the Internet are often contacted by scanners and malware hosts. Since a few releases ntopng integrates a blacklist that is refreshed daily. Whenever a host part of this list contacts your ntopng instance and alert is triggered and displayed in the flow alerts. This feature allows you to see who has […]
Network Traffic Analysis in ntopng (a.k.a. ntopng 2019 Roadmap)
Aut viam inveniam aut faciam, Hannibal 247-182 B.C. For years ntopng has been a solution for collecting, analysing and visualising network traffic, but with a major limitation. It is too rich in data display and reporting that users needs to be experts in know what they are looking for. If not, they will be lost […]