All Blog Posts

ntopng

Data Aggregation in ntopng: Host Pools vs Observation Points

ntopng allows users to aggregate data according to various criteria. In networking, IP addressing (network and mask/CIDR) and VLANs are typical solutions to the problem of aggregating homogeneous hosts (e.g. when hosts carry out similar tasks). Sometimes these aggregation facilities are not flexible enough to cluster hosts that have the same operating system, or flows originated by the same router/switch. In addition to typical network-based criteria such as IP and VLAN, ntopng implements two more data aggregation facilities. Hosts Aggregation: Host Pools. A host pool is a logical aggregation of hosts, …
ntop

n2n 3.0 is Here!

During the last year, long-discussed ideas turned into implemented functionalities – adding remarkably to n2n’s rich feature set, each of them worthy of note. The level achieved made us think it justified even a major release. Welcome, n2n 3.0! Starting from this stable platform, future versions of n2n’s 3.x series will further promote its versatility while keeping up compatibility. To achieve this, development will mainly focus on areas outside the underlying core hole-punching protocol and will include but probably not be limited to connection handling, management capabilities, …
ntop

Introducing PF_RING ZC Support for Mellanox Adapters

PF_RING ZC is ntop’s zero-copy technology for high-speed packet capture and processing. Until now ZC supported 10/40/100 Gbit adapters from Intel based on ASIC chips, in addition to the FPGA-based 100 Gbit adapters already supported by PF_RING including Accolade/Napatech/Silicom. This post is to announce a new ZC driver, known as mlx, supporting a new family of 100 Gbit ASIC-based adapters, this time from Mellanox/NVIDIA, including ConnectX-5 and ConnectX-6 adapters. The supported ConnectX adapters from Mellanox, in combination with the new mlx driver, proved to be capable of high performance, by …
Webinar

Webinar on Traffic Analysis for Cybersecurity: Current State of the Art and Ongoing Developments

On October 28th at 4 PM CET / 10 AM EST we organised a webinar on cybersecurity. The idea was to describe in detail what we have implemented so far for tackling cybersecurity events, and what the future plans and ongoing developments are. Topics included: nDPI traffic analysis: flow risks and Encrypted Traffic Analysis (ETA); behavioural traffic analysis; combining nProbe and ntop with IPS facilities; beyond nProbe Agent: user and process analysis in monitored flows. For those who missed the event, here you can find the presentation slides …
tutorials

Introducing ntop Professional Training Service

Many of you are asking for professional training, in particular in companies and large installations. Over the years we have produced many software applications that allow you to improve network visibility and block cybersecurity threats. In this ever-increasing ecosystem, we acknowledge that blog posts and webinars might not be sufficient for everyone. For this reason we have created a professional training service designed for people who want to master ntop products in their daily activities. The idea is to divide the training into 5 sessions of 90 minutes each, so …
Webinar

October 7th: Webinar on ntopng 5.0. You’re invited!

This is to invite you to the webinar about ntopng 5.0, released this summer. The idea is to walk through the new features and possibilities offered by this version. We hope to see you all! Webinar Content: ntopng was initially designed as a tool for real-time network traffic monitoring; with release 5.0 we have started its transition from monitoring to an AIOps tool. We wanted to make it more accessible and intelligent, able to analyze network metrics in real-time and collapse tens or even thousands of metrics into …
ntopng

HowTo Monitor Traffic in SMEs and Home Networks: A Primer

In the first part of this series of articles, we focused on monitoring ISPs and MSP traffic. Today we analyse network traffic in SMEs and home networks. The typical network layout of a home or a small business is depicted below. The ISP provides a router for connecting to the Internet (e.g. xDSL or fibre) that usually also features an embedded access point used by phones, tablets or laptops to connect to the Internet. In order to monitor LAN traffic, the best solution is to replace the current switch …
nProbe

How To Configure Flow and Packet Deduplication in nProbe

Sometimes traffic monitoring requires data deduplication because, due to topology or hardware constraints, some network traffic activities are monitored by multiple devices and others only by a single device. This means that unless some corrections are configured, traffic measurements are wrong and thus useless. Fortunately, we have implemented some features that allow you to avoid this problem by discarding duplicated traffic before it hits the collector. This is because the collector is overwhelmed by the various activities it has to carry out, so it …
nProbe

HowTo Monitor Customer Traffic in Managed Service Providers and ISPs

ISPs have provided Internet access to customers for years and the only goal was to connect their users to the Internet. Managed Service Providers (MSP) and Managed Security Service Providers (MSSP) deliver network, services and infrastructure on customer premises and have become relatively popular in the past few years. Over time customers started to ask for new services, including traffic monitoring, security (here MSSPs come onto the scene) and visibility. So if you are an MSP, MSSP or ISP and you are wondering how to monitor customer traffic using ntop tools, …
Announce

ntopng 5.0 Is Out: Modern Traffic Monitoring for AIOps and Cybersecurity

ntopng was initially designed as a tool for realtime network traffic monitoring. The idea was to create a DPI-based tool able to report traffic statistics. Over time we have added the ability to implement active monitoring checks, SNMP, and various other features. However there was a fundamental point that was missing: go beyond traffic reporting, moving towards traffic analysis. The current Grafana-like trend of having several large screens full of dashboards is the opposite of what we believe we should do. This approach requires network and security administrators to be trained …
ntop

Introducing PF_RING 8.0: Batch Packet Processing and XDP Support

This is to announce a new PF_RING release 8.0. This new stable version includes enhancements for improving application performance, by adding support for batch processing also in the standard API (it was already available in the ZC API), and consolidates XDP support, which has been reworked to fully leverage the latest Zero-Copy support and buffer management and take full advantage of the native batch capture. This release also adds support for the latest kernels to the ZC drivers for Intel adapters, including those shipped with CentOS (8.4) and Ubuntu LTS (20) …
nDPI

Configuring nDPI Flow Risk Exceptions

One of the newest features of nDPI 4 is the ability to identify flow risks. Unfortunately sometimes you need to add exceptions as some of those risks, while correct, need to be ignored. Examples include: an old device that is speaking an outdated TLS version but that you cannot upgrade, and that you have done your best to protect; a host name that looks like a DGA but isn’t; a service running on a non-standard port but that works perfectly as is. In order to address the need …