Most programmers and network/security administrators are familiar with the Python language. As from time to time we receive requests from our users for creating custom reports, or extracting other type of data (e.g. alerts or timeseries) from ntopng, we have decided to create a Python API for ntopng. Such API allows developers to extract data […]
HowTo Use Periodic Traffic Analysis in Cybersecurity
Since v5 ntopng has the ability to detect periodic activities, i.e. activities that are repeated periodically at a given pace (note that each activity can have a different frequency, and ntopng is able to detect them). Periodic activities are not bad per se (e.g. an email application fetches new messages every 5 minutes) but it […]
HowTo Monitor Zoom Performance and Video/Call Quality
Zoom is a popular platform for video communications and team collaboration. As many other cloud services, network administrators need to supervise Zoom network traffic usage. DPI toolkits such as nDPI are useful for identifying Zoom traffic for supervising the network bandwidth used by your Zoom calls. Recently we have took advantage of this research work […]
What’s New in ntopng: Network Assets
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Asset Map. Have you ever asked yourself, what are the NTP servers in your network? Or, are […]
Introducing Lua-based Host and Flow Behavioural Checks
With ntopng version 5 we have migrated performance sensitive sections of the ntopng engine from Lua to C++. This has enabled ntopng to scale up nicely while reducing resource needs such as CPU and memory. The drawback is that writing behavioural checks in C++ is not something that everyone can do. For this reason we […]
What’s New in ntopng: Periodic Activities (a.k.a beaconing) !
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Periodicity Map. You are probably asking yourself what’s so bad about periodic activities, right? First of all, […]
HowTo Deploy nProbe and ntopng on the Cloud
Some of our customers deploy ntopng on the cloud in order to collect flows coming from private nProbe instances often deployed on private networks or clouds. Thanks to ZMQ/Kafka communications, data sent by nProbe to ntopng travel encrypted; this is contrary to many other cloud-based collectors that instead receive clear-text IPFIX/NetFlow flows sent by exporters […]
Deploying ntopng at Scale: Jessa Ziekenhuis
This is a report from one of our users from the field, who decided to use ntopng to monitor a large network. Many thanks to Bjorn for sharing this information with our community. Our network Jessa Ziekenhuis is one of the biggest, non-academic, hospitals in Belgium. Spread over 4 campuses, we manage 3 data […]
What’s New in ntopng: Host Traffic Analysis
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about Host Traffic Analysis. When analyzing traffic generated by a host, one of the main metrics we are interested […]
Howto use Kafka (instead of ZMQ) For Reliable Flow Collection and IPC
Historically, we have used ZMQ for interconnecting nProbe to ntopng, as this is a fast and simple messaging system. However one of they key advantage of ZMQ of being broker-less is sometime a problem. In case of maintenance, traffic peaks, or unreliable communications, the ZMQ communication between nProbe and ntopng will drop flows with the […]