ntopng

ntopng

ntopng 2.2 Just Released
After over 6 months of work, we’re pleased to announce the release of ntopng 2.2 (as already discussed even numbers identify stable releases whereas odd number development versions). The goal of this release has been to consolidate the existing work, fix issues reported by users, improve the reports we have introduced in 2.0 and pave the way for the next development iteration where we plan to add new features (we’ll present the roadmap in the next few weeks). The main new features of this release is the introduction of traffic …
ntopng

Exploring Historical Data Using ntopng
In the original ntopng it was possible to navigate historical information using a so called “Historical Interface”. Such interface was a logical network interface able to read flow data from a SQLite archive and present them on the web interface. This approach had various limitations when it was used to navigate data on a long term window, as all flows had to be restored on memory before visualising them, process that can take a lot of memory and time when data cardinality increases. In the ntopng 2.1 development version, we have …
nDPI

Using ntopng to Implement a WiFi Access Point with Layer 7 Traffic Enforcement
  This post will teach you how to create a cheap WiFi access point able to enforce layer-7 application protocols. In order to do this you can use a cheap RaspberryPi or BeagleBoard with a USB WiFi stick, or use a x86 PC.   The USB stick we use is the following # lsusb Bus 002 Device 003: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter and once plugged onto a USB port it is immediately recognised by Linux (in this post we use Ubuntu Linux but other distro will …
ntop

Lessons learnt at #SharkFest15
Last week we have made a couple of presentations at SharkFest 2015, introducing to the Wireshark community what ntopng is about. The most interesting part has been the feedback of those who attended the talks who commented on “how to integrate ntopng with Wireshark”. My personal conclusion is that the best way of doing this, is to turn ntopng into a pre-processor for Wireshark; namely use ntopng to permanently monitor a network, detect anomalies, and then analyse them with Wireshark. In fact a packet sniffer cannot be used as a permanent …
June 3, 2015

Exploring your traffic using ntopng with ElasticSearch+Kibana
ntopng allows you to export monitoring data do external sources. For low-traffic sites, SQLite and the ntopng historical interface can be a good option. As your traffic increases you are forced to put your data on a database if you care about performance and long-term data persistency. In future ntopng versions we will add support for additional databases, but for the time being we decided to start with the ELK (ElasticSearch + LogStash + Kibana) paradigm. In this case ElasticSearch (ES) is the database backend, and Kibana the GUI used to …
Announce

Say hello to ntopng 2.0
After 9 months of development, we are pleased to announce the release of ntopng 2.0. This is a major release as we have reworked many application components and made the application robust and usable by mid/large companies and ISPs. We have created two versions of ntopng: Community edition: this is the standard ntopng that you can use free of charge and that implements a robust and easy to use web-based traffic monitoring application. Professional edition: an enhanced version of ntopng that includes modern reports and many new features listed below on this article. …
ntop

ntopng Deep Dive: Interview with Ivan Pepelnjak
Last month Ivan Pepelnjak interviewed me on Software Gone Wild about ntop and ntopng. The main topic of the interview were: How it all started and why did Luca decide to start the ntop (and PF_RING) project? What is ntopng (next-generation ntop) and why did they rewrite the product? What are nprobe and nbox? The distributed architecture of ntopng, including probes, data sources, collectors, and the central analyzing engine; Combining ntop and elastic search; Why it makes sense to convert all data into JSON format? What are the problems of …
ntopng

Using ntopng (pre) 2.0 on a Ubiquity EdgeRouter
NOTE: due to limited resources, we have decided to discontinue ntopng on the Ubiquity. Please see this article for more updated information. As the release of ntopng 2.0 is around the corner (we are fixing the last bugs, polishing the GUI and writing some documentation), we want to show how to turn a cheap device such as the Ubiquity EdgeRouter into a traffic monitor and layer-7 policy enforcer as depicted below. NOTE: if you bridge traffic using ntopng, please make sure you do not create loops. A typical mistake is to …
ntopng

Moving towards ntopng 2.0
As you know, our plan is to release ntopng 2.0 later this spring. While we are still coding the last missing features, we have start packaging the tool so that you can start testing it. We have decided to create two versions of ntopng: Community edition: free open-source version, that you can use at no cost. Professional version: fee-based version, that includes features useful in companies. Of course this version will be free of charge for educations and universities as with all other ntop commercial products. There will also be …
nDPI

How to Enforce Layer-7 Traffic Policies Using ntopng
ntopng has been traditionally used to passively monitoring network traffic. However as years ago  IDS (Intrusion Detection System) became mature products and eventually became IPS (Intrusion Prevention System), it was time to add inline traffic capabilities in ntopng. This post gives you s sneak preview of this new feature (still under development) that will be included in the upcoming ntopng release. The idea is to combine network traffic monitoring with traffic enforcement so that you can use ntopng not just for monitoring your users (or your children if you are …
ntopng

Using ntop Applications with Docker and OpenStack
In order to ease the deployment of our applications, in addition to source code distribution, we have released binary packages (x64 and ARM) for CentOS/RedHat and Ubuntu/Debian. For PF_RING, that requires to be compiled against the installed kernel version, we have moved to DKMS so that you are no longer required to use the same kernel version we use for packaging it. However the current trend is going towards virtualised environments (not just VMs such as VMware) and IaaS (Infrastructure as a Service) and thus we need to support them.   Docker …
nProbe

Combining System and Network Visibility using nProbe and Sysdig
Introduction When in 1998 we have started the development of the original ntop, there were many Unix tools for monitoring network traffic: ping, tcpdump, netstat, and many others. Nevertheless we have decided to develop ntop, because there was no tool able to show on a simple way what was happening on our network. Early this year we have started the development of some experimental PF_RING kernel module extensions able to give ntop applications visibility of process activities, this in order to bind network traffic with a process name. We have lived once more the …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe