Using Traffic Rules To Supervise Network Traffic

The Problem: let's assume that you have a network where local hosts generate a constant amount of traffic. How do you find out whether they are misbehaving? It happens that some local host starts behaving strangely, by having an abnormal amount of traffic (sent or received) with respect to its recent past: how can you spot […]

Incident Analysis: How to Correlate Alerts with Flows and Packets

In incident analysis it is important to provide evidence of the problem at various levels of detail. Alerts: alerts are the result of traffic analysis (in ntopng, based on checks) that has detected specific indicators in the traffic which triggered the alert, for instance a host whose behavioural score has exceeded a given threshold or a […]

Introducing ntop Professional Training Service

Many of you are asking for professional training, in particular in companies and large installations. Over the years we have produced many software applications that allow you to improve network visibility and block cybersecurity threats. In this ever-increasing ecosystem, we acknowledge that blog posts and webinars might not be sufficient for everyone. For this reason […]

nProbe IPS: How To setup an Inline Layer-7 Traffic Policer in 5 Minutes

Introduction: recently, we have added Intrusion Prevention System (IPS) capabilities to our nProbe. Those capabilities are available starting from the latest 9.5 version, both for Linux and FreeBSD (including OPNsense and pfSense), and are available with all nProbe versions and licenses (see the product page for additional details). On Linux, nProbe leverages the netfilter […]

sFlow Collection and Analysis with nProbe and ntopng

sFlow, short for sampled Flow, is a sampling technology designed to export network device information, namely: interface counters (à la SNMP MIB-II) and traffic packets (à la ERSPAN). sFlow agents run on switches, routers, firewalls and other devices, and periodically export interface counters and traffic packets via UDP towards one or more sFlow collectors. sFlow, relying […]

Using nProbe for Collecting Ixia IPFIX with IxFlow extensions

Ixia allows you to enrich IPFIX records with value-add extensions. Additional information that can be exported, along with standard fields such as source and destination IP addresses, includes: geographical information such as region IP, latitude and city name; application ID or name, device, browser and even the SSL cipher used; details on the application and handset (device) type […]

Using nProbe and ntopng for Collecting and Visualizing Sonicwall Flows

nProbe is both a probe and a NetFlow/sFlow collector. Recently, we've also added the ability to collect flows with proprietary information elements. This greatly improves nProbe flexibility, as any custom, vendor-proprietary information element can be understood, correctly parsed, and exported downstream. Adding proprietary information elements to nProbe is a breeze. Indeed, it suffices to […]