ntopng

nDPI

How to Enforce Layer-7 Traffic Policies Using ntopng
ntopng has been traditionally used to passively monitoring network traffic. However as years ago  IDS (Intrusion Detection System) became mature products and eventually became IPS (Intrusion Prevention System), it was time to add inline traffic capabilities in ntopng. This post gives you s sneak preview of this new feature (still under development) that will be included in the upcoming ntopng release. The idea is to combine network traffic monitoring with traffic enforcement so that you can use ntopng not just for monitoring your users (or your children if you are …
ntopng

Using ntop Applications with Docker and OpenStack
In order to ease the deployment of our applications, in addition to source code distribution, we have released binary packages (x64 and ARM) for CentOS/RedHat and Ubuntu/Debian. For PF_RING, that requires to be compiled against the installed kernel version, we have moved to DKMS so that you are no longer required to use the same kernel version we use for packaging it. However the current trend is going towards virtualised environments (not just VMs such as VMware) and IaaS (Infrastructure as a Service) and thus we need to support them.   Docker …
nProbe

Combining System and Network Visibility using nProbe and Sysdig
Introduction When in 1998 we have started the development of the original ntop, there were many Unix tools for monitoring network traffic: ping, tcpdump, netstat, and many others. Nevertheless we have decided to develop ntop, because there was no tool able to show on a simple way what was happening on our network. Early this year we have started the development of some experimental PF_RING kernel module extensions able to give ntop applications visibility of process activities, this in order to bind network traffic with a process name. We have lived once more the …
nDPI

Running ntopng and nDPI on MacOSX
On Mac OS X users expect simple tool packaging and installation. Initially we planned to distribute .dmg files containing our apps, but then we have decided that in order to support current and future OSX version more easily, this was not the way to go. For this reason we have added support for packaging systems such as HomeBrew (and soon) MacPorts (work is still ongoing but close to the end). Today if you want to run ntopng and nDPI on your OSX box you have the option to: compile everything by …
nDPI

Released nDPI 1.5.1 and ntopng 1.2.1
Today we have released a maintenance version of both nDPI and ntopng that address minor issues present in the previous stable release. In particular for ntopng we have addressed many small security holes identified by security researchers (our thanks go to Luca Carettoni), and thus we encourage you to upgrade when possible; note that for all these attacks you needed a valid ntopng user and password before to perform them, so their danger level is not too high, but still we encourage you too upgrade. Finally this release contains patches and …
ntopng

Creating a hierarchical cluster of ntopng instances
As you know via ZMQ you can use ntopng as collector for nProbe instances. You can decide to merge all probes into one single ntopng interface (i.e. all the traffic will be merged and mixed) or to have an interface per probe. Example: Start the remote nProbe instances as follows [host1] nprobe --zmq "tcp://*:5556" -i ethX [host2] nprobe --zmq "tcp://*:5556" -i ethX [host3] nprobe --zmq "tcp://*:5556" -i ethX [host4] nprobe --zmq "tcp://*:5556" -i ethX If you want to merge all nProbe traffic into a single ntopng interface do: ntopng -i tcp://host1:5556,tcp://host2:5556,tcp://host3:5556,tcp://host4:5556 If you want to …
ntopng

Scripting ntopng with Lua
The ntopng architecture is divided in three layers: Ingress layer (flow or packet capture). Monitoring engine: the ntopng core. Lua scripting engine Data export layer (via web, syslog or log files). Thanks to the scripting engine, ntopng is fully scriptable. This means that via Lua you can extract the monitoring information and report it into HTML pages or export it to third party applications. The ntopng Lua API is pretty simple it consists of two classes, ntop and interface. ntopng also comes with some example scripts that highlight the main …
ntopng

ntopng 1.1 Released
This is to announce the release of ntopng 1.1. The main changes with respect to 1.0 include: Enhanced web GUI with new menus and extension of previous sections. Ability to specify multiple interfaces simulatenously (just repeat -i). Performance improvements both in nDPI and the ntopng engine (yes multi-Gbit traffic analysis is possible). Several enhancements to the flow collection interface (note that you need the very latest nProbe) that is not much faster and written in native C++ code. Added Google Maps support and HTML 5 map geolocation support. Ability to save …
ntopng

ntopng Tutorial @ LinuxDay 2013
Last Saturday 26th of October, we have presented a tutorial on ntopng at the Italian LinuxDay 2013. The slides we used for this presentation can be used to learn the idea behind ntopng and highlight the main design principles. We are also glad that this presentation has been accepted for submission consideration at the Italy in a Day contest, so it might have the chance to become part of this upcoming movie. …
nProbe

Using ntopng and nProbe on the BeagleBone (small is beautiful)
For years we enjoyed pushing the limits of our software products (our nBox recorder is able to handle multi-10Gbit interfaces for instance), but our roots are not there. All started in 2003 with this small PowerPC-based nBox where we have first integrated nProbe into it. Now after 10 years, it is time to rethink all this and try again. On the market there are several small and cheap platforms such as the Raspberry Pi, the BeagleBone Black and the EdgeMax that are ideal platforms for our apps. We have then decided …
nProbe

Why nProbe+JSON+ZMQ instead of native sFlow/NetFlow support in ntopng?
Both sFlow and NetFlow/IPFIX are the two leading network monitoring protocols used today on the market. They are two binary protocols encapsulated over UDP, with data flowing (mono-directional) from the probe (usually a physical network device or a software probe such as nProbe)  to the collector (a PC that receives traffic and handles is or dumps it on a database). This architecture has been used for decades, it still makes sense from the device point of view but not for the application (developer) point of view for many reasons: The …
ntopng

Moving Towards ntopng 1.1
It has been a busy summer here at ntop. Since the initial ntopng 1.0 release, we have tried to fill the gap in terms of missing with respect to the original ntop. This post is to update you about the new features of the upcoming 1.1 release schedule for this fall and that are currently available in the SVN development tree: Ability to support multi-interfaces. This means that you can repeat on the command line “-i <interface>” multiple times, one per interface you want to add. Use of HTTP sessions …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe