The Problem Let’s assume that you have a Network where local hosts generate a constant amount of traffic. How do you find if they are misbehaving? It happens that some local host starts behaving strangely, by having an abnormal amount of traffic (sent or received) with respect to their recent past: how can you spot […]
What’s New in ntopng: Periodic Activities (a.k.a beaconing) !
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Periodicity Map. You are probably asking yourself what’s so bad about periodic activities, right? First of all, […]
Incident Analysis: How to Correlate Alerts with Flows and Packets
In incident analysis it is important to provide evidence of the problem at various level of details: Alerts Alerts are the result of traffic analysis (in ntopng based on checks) that have detected specific indicators in traffic that triggered the alert. For instance a host whose behavioural score has exceeded a given threshold or a […]
Introducing ntop Professional Training Service
Many of you are asking professional training, in particular in companies and large installations. Over the years we have produced many software applications that allow you to improve network visibility and block cybersecurity threats. In this over increasing ecosystem, we acknowledge that blog posts and webinars might not be sufficient for everyone. For this reason […]
Infrastructure Monitoring: Observing The Health and Status of Multiple ntopng Instances
Introduction Quis custodiet ipsos custodes? (Juvenal). In other words: who will guard the guards themselves? If you use ntopng to monitor your network, you also need to make sure ntopng is monitored as in case of failure, ntopng will not report any alert, and the network administrator can interpret that as a sign of good […]
nProbe IPS: How To setup an Inline Layer-7 Traffic Policer in 5 Minutes
Introduction Recently, we have added Intrusion Prevention System (IPS) capabilities to our nProbe. Those capabilities are available starting from the latest 9.5 version, both for Linux and FreeBSD – including OPNsense and pfSense, and are available with all nProbe versions and licenses (see the product page for additional details). On Linux, nProbe leverages the netfilter […]
How enable DPI-based Traffic Management in pfSense using nEdge
We have been receiving several inquiries from pfSense users who would love to complement the classical firewall-style pfSense features with the inline Layer-7-based traffic policing offered by nEdge. Being able place pfSense and nEdge side by side allows to overcome the common belief which sees the bad guys on the Internet and the good guys […]
sFlow Collection and Analysis with nProbe and ntopng
sFlow, short for sampled Flow, is a sampling technology designed to export network devices information, namely: Interface counters (à la SNMP MIB-II); Traffic packets (à la ERSPAN). sFlow agents run on switches, routers, firewalls and other devices, and periodically export interface counters and traffic packets via UDP towards one or more sFlow collectors. sFlow, relying […]
Using nProbe for Collecting Ixia IPFIX with IxFlow extensions
Ixia allows to enrich IPFIX records with value-add extensions. Additional information that can be exported, along with standard fields such as source and destination IP addresses, include: Geographical information such as region IP, latitude and city name Application ID or name, device, browser and even SSL cipher used Detail on application and handset (device) type […]
Using nProbe and ntopng for Collecting and Visualizing Sonicwall Flows
nProbe is both a probe and a NetFlow/sFlow collector. Recently, we’ve also added added the ability to collect flows with proprietary information elements. This greatly improves nProbe flexibility as any custon, vendor-proprietary information element can be understood, correctly parsed, and exported downstream. Adding proprietary information elements to nProbe is a breeze. Indeed, it suffices to […]