This is to announce the released of cento 1.12 that is a maintenance release for ntop’s 100 Gbit probe. In this version we have integrated support of the latest nDPI features to combine processing speed with latest innovations in application detection an cybersecurity. Cento’s JSON output has been greatly enhanced and it includes all the nDPI-dissected information by streaming JSON-based data to Kafka or ElasticSearch/Syslog consumers. This to make cento useful to cybersecurity analysis by combining visibility and security at 100 Gbit by streaming.
Enjoy!
Changelog
New Features
- Core engine performance improvements
- Added risk detection reported in flow dumps and ZMQ
- Improved flow export over ZMQ: TLV format is the default now
- Add support for ZMQ load-balancing and replication
- Add support for ZMQ batch mode
- Add ZMQ CURVE encryption (–zmq-encryption-key )
- More Information Elements are now exported over ZMQ
- New –hash-function|-H option to select the hash function for the flow table
- New –snaplen|-l option to set the capture length
- Add human readable TCP flags in JSON format
- Improved flow export stats
- Added Ubuntu 20 and CentOS 8 support
Changes
- Information Elements exported over ZMQ now use PEN.NTOP-ID
- QUIC improvements
- DNS query is now returned also for MDNS
- nDPI is now dynamically linked to enable extensions and customisations
- Updated flow offload support with Accolade adapters
Fixes
- Fixed application protocol detection with nDPI (packets with no payload, packets timestamp)
- Fixed a few bugs with the ZMQ export and statistics
- Fixed package dependencies
- Fixed packet length check
- Fixed stats in PCAP mode
- Fixed handling of IPv4 packets with zero header length
- Fixed drop counter during application startup