ntopng

nDPI

Running ntopng and nDPI on MacOSX

On Mac OS X, users expect simple tool packaging and installation. Initially we planned to distribute .dmg files containing our apps, but then we decided that, in order to support current and future OSX versions more easily, this was not the way to go. For this reason we have added support for packaging systems such as HomeBrew and (soon) MacPorts (work is still ongoing but close to the end). Today if you want to run ntopng and nDPI on your OSX box you have the option to: compile everything by …
nDPI

Released nDPI 1.5.1 and ntopng 1.2.1

Today we have released a maintenance version of both nDPI and ntopng that addresses minor issues present in the previous stable release. In particular, for ntopng we have addressed many small security holes identified by security researchers (our thanks go to Luca Carettoni), and thus we encourage you to upgrade when possible; note that for all these attacks you needed a valid ntopng user and password before performing them, so their danger level is not too high, but still we encourage you to upgrade. Finally this release contains patches and …
ntopng

Creating a hierarchical cluster of ntopng instances

As you know, via ZMQ you can use ntopng as a collector for nProbe instances. You can decide to merge all probes into one single ntopng interface (i.e. all the traffic will be merged and mixed) or to have an interface per probe.

Example: start the remote nProbe instances as follows:

    [host1] nprobe --zmq "tcp://*:5556" -i ethX
    [host2] nprobe --zmq "tcp://*:5556" -i ethX
    [host3] nprobe --zmq "tcp://*:5556" -i ethX
    [host4] nprobe --zmq "tcp://*:5556" -i ethX

If you want to merge all nProbe traffic into a single ntopng interface do:

    ntopng -i tcp://host1:5556,tcp://host2:5556,tcp://host3:5556,tcp://host4:5556

If you want to …
ntopng

Scripting ntopng with Lua

The ntopng architecture is divided into three layers: Ingress layer (flow or packet capture). Monitoring engine: the ntopng core. Lua scripting engine. Data export layer (via web, syslog or log files). Thanks to the scripting engine, ntopng is fully scriptable. This means that via Lua you can extract the monitoring information and report it into HTML pages or export it to third-party applications. The ntopng Lua API is pretty simple: it consists of two classes, ntop and interface. ntopng also comes with some example scripts that highlight the main …
ntopng

ntopng 1.1 Released

This is to announce the release of ntopng 1.1. The main changes with respect to 1.0 include: Enhanced web GUI with new menus and extension of previous sections. Ability to specify multiple interfaces simultaneously (just repeat -i). Performance improvements both in nDPI and the ntopng engine (yes, multi-Gbit traffic analysis is possible). Several enhancements to the flow collection interface (note that you need the very latest nProbe) that is now much faster and written in native C++ code. Added Google Maps support and HTML 5 map geolocation support. Ability to save …
ntopng

ntopng Tutorial @ LinuxDay 2013

Last Saturday, the 26th of October, we presented a tutorial on ntopng at the Italian LinuxDay 2013. The slides we used for this presentation can be used to learn the idea behind ntopng and highlight the main design principles. We are also glad that this presentation has been accepted for submission consideration at the Italy in a Day contest, so it might have the chance to become part of this upcoming movie. …
nProbe

Using ntopng and nProbe on the BeagleBone (small is beautiful)

For years we enjoyed pushing the limits of our software products (our nBox recorder is able to handle multi-10Gbit interfaces, for instance), but our roots are not there. It all started in 2003 with this small PowerPC-based nBox, into which we first integrated nProbe. Now, after 10 years, it is time to rethink all this and try again. On the market there are several small and cheap platforms such as the Raspberry Pi, the BeagleBone Black and the EdgeMax that are ideal platforms for our apps. We have then decided …
nProbe

Why nProbe+JSON+ZMQ instead of native sFlow/NetFlow support in ntopng?

sFlow and NetFlow/IPFIX are the two leading network monitoring protocols used today on the market. They are two binary protocols encapsulated over UDP, with data flowing (mono-directional) from the probe (usually a physical network device or a software probe such as nProbe) to the collector (a PC that receives traffic and handles it or dumps it to a database). This architecture has been used for decades; it still makes sense from the device point of view but not from the application (developer) point of view, for many reasons: The …
ntopng

Moving Towards ntopng 1.1

It has been a busy summer here at ntop. Since the initial ntopng 1.0 release, we have tried to fill the gap in terms of missing features with respect to the original ntop. This post is to update you about the new features of the upcoming 1.1 release, scheduled for this fall, that are currently available in the SVN development tree: Ability to support multi-interfaces. This means that you can repeat on the command line “-i <interface>” multiple times, one per interface you want to add. Use of HTTP sessions …
ntopng

ntop is back: ntopng 1.0 just released

Fifteen years after the introduction of the original ntop, it was time to start over with a new, modern ntop. We called it ntopng, ntop next generation. The goals of this new application are manifold: Released under GNU GPL3. Feature a modern, HTML5 and Ajax-based dynamic web interface (caveat: you need a modern browser to use ntopng). Small application engine, memory-wise and crash-proof. Ability to identify application protocols via nDPI, ntop’s open-source DPI (Deep Packet Inspection) framework. User’s ability to script, extend, and modify ntopng pages coding …