ntopng

cento

Enabling Zeek and Suricata On-Demand at 40/100 Gbit using PF_RING
Overview Those of you who have some experience with IDS or IPS systems, like Zeek and Suricata, are probably aware of how CPU intensive and memory consuming those applications are due to the nature of the activities they carry on (e.g. signatures matching). This leads to high system load and packet loss when the packet rate becomes high (10+ Gbi+) making these IDSs unlikely to be to deployed on high-speed networks. As nProbe Cento can analyse networks up to 100 Gbit while using nDPI for ETA (Encrypted Traffic Analysis), ntopng …
ntopng

OpenAPI: ntopng REST API for Software Developers
Maybe not all of you know that ntopng powers in some popular monitoring systems such as CheckMK and Centreon. The integration is made possible through the ntopng REST API (REST stands for REpresentational State Transfer) that allows developers to manipulate ntopng configuration and query monitored information including hosts, flows, alerts and historical data. Recently we have integrated the ntopng API specified according to OpenAPI into ntopng by using the swagger open-source tool. All you need to do is to update your ntopng (dev) copy and access the embedded REST API …
Cybersecurity

OT, ICS, SCADA: IEC 60870-5-104 in ntopng
What is OT, ICS, SCADA ? Operational Technology (OT) refers to computing systems that are used to manage industrial operations or process operations, like water treatment, electrical power distribution or wrapping a chocolate in foil. ntopng supports some Industrial control systems (ICS) protocol often managed via a Supervisory Control and Data Acquisition (SCADA) systems. Via nDPI it can detect protocols such as Modbus, IEC 60780 or BACnet. In addition to this, ntopng has extensive detection and monitor capabilitiesfor some protocols OT protocols/ ntopng “Generic” Monitoring ntopng is a monitoring tool …
Announce

Introducing Smart Recording in n2disk: Combining Cybersecurity with Packet-to-Disk
In short Continuous network traffic recorders are applications (or appliances) that write network traffic on disk. In case of issues (e.g. security breach or network outage) they enable network and security analysts to go back in time and see how a problem originated. The main limitation of this practice is that a lot of data it is written to disk even when there is nothing special happening on the network. Similar to the evolution of surveillance cameras that implemented “motion detection” to trigger recording when some meaningful even happen, this …
nProbe

Now available ntopng/nprobe ARM64 Docker Images
Supporting 64 bit ARM platforms is important because there is now a plethora of inexpensive boards based on this architecture. Thanks to the use of docker containers, several manufacturers allow their devices to take advantage of this technology to run third-party software on devices that used to be not extensible. Here you can read how to run ARM64 containers on Mikrotik devices (soon we’ll publish a separate post on this subject). For this reason starting this month, we’ll publish weekly updates of ARM64 docker images that you can run on …
nProbe

How To Analyse Asymmetric VLAN Traffic
A VLAN is a method for partitioning a layer two broadcast domain creating virtual networks of homogeneous systems hence promoting network segmentation. A ethernet port with no VLAN tag is called access port, whereas a switch port with VLAN-tagged packets is called tagged or trunk port. End systems are usually connected to access ports meaning that they deal with untagged packets that are then marked by the switch according to the VLAN port configuration. For this reason a end system is not aware of the VLAN id that is used …
nProbe

How Flow-Based Traffic Classification Works
Many ntop products such as ntopng, nProbe, and PF_RING FT just to name a few are based on network flows. However not all our users know in detail what is a network flow, and how it works in practice. This blog post describes what they are and how they work in practice. What is a network flow? A network flow is a set of packets with common properties. They often are identified by a 5-tuple key meaning that all packets of a given flow have the same source and destination …
ntopng

Going Beyond 5-Tuple in Network Flow Analysis
Traditionally flow-based tools are based on the 5-tuple attributes (source and destination IP, source and destination port and the protocol field). Often they are complemented with additional attributes such as VLAN or Tunnel Id in order to avoid mixing in the same flow packets that belong to different communications.  The above picture shows the 5-tuple key in the live flows window. Looking at flows using the 5-tuple makes sense if we want to understand what it is happening at the individual flow level, but it makes difficult to understand the …
ntopng

Announcing ntop Professional Training: May 2023
ntop tools range from packet capture, traffic analysis and processing, and sometimes it is not easy to keep up on product updates as well master all the tools. This has been the driving force for organising ntop professional training: . This is to announce that in May we have scheduled the next ntop Professional Training session. It will take place online (Microsoft Teams) on 2nd, 4th, 9th, 11th 16th, 23rd of May, 2023 at 3.00 PM CET (9.00 AM EDT). Training will be held in English language and each session …
ntopng

How to Keep your Infrastructure Healthy with ntopng
Almost 3 years ago we introduced Active Monitoring support in ntopng. This allows you to monitor the infrastructure and make sure that all systems are operational. In fact ntopng can continuously monitor hosts in your network by periodically running different active measurements including: ICMP, which measures the RTT (Round Trip Time). Continuous ICMP, which evaluates network reachability and service availability. Speedtest, which estimates the Internet bandwidth and latency contacting a speedtest server. HTTP(S), which checks the HTTP/HTTPS availability of web servers. Throughout, which tests the throughput contacting an HTTP server. As a …
ntopng

ntop Webinar: Introduction to ntopng 5.6 and the New nBox UI
This is to invite you to attend a webinar about ntopng 5.6. This webinar will walk you through the innovations introduced with ntopng 5.6 stable release that we introduced at the end of January. You can learn the new features and get acquainted with the changes that have been introduced in the web interface. Finally, we will introduce a completely new release of the nBox GUI that you can use to manage installations of ntop applications. Below you can find the video of the webinar.   Enjoy ! …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe