All Blog Posts

ntop

Introducing nProbe Agent: Packetless, System-Introspected Network Visibility
A few months ago at FOSDEM we introduced the concept of network and container visibility through system introspection and we released an opensource library based on eBPF that can be used for this scope. Based on this technology, we created a lightweight probe, nProbe™ Agent (formerly known ad nProbe mini), able to detect, count and measure all network activities taking place on the host where it is running. Thanks to this agent it is possible to enrich the information extracted with a traditional probe from network traffic packets, with system data such as users …
ntop

Talking about Network, Service, and Container Monitoring at InfluxDays
Later this week the ntop team will attend InfluxDays, June 13-14, London, UK. We’ll be talking about traffic monitoring in containerised environments, and give you an outlook of our roadmap.    If you are attending this event (we’ll have a booth at InfluxDays), or if you live in London and want to meet us, please show at the event to contact us so we can arrange an informal meeting and hear from you. We need feedback from our users so that together we can plan the future of ntop. Hope …
cento

Released nProbe Cento 1.8
This is to announce the release of nProbe Cento 1.8 stable release. This is a maintenance release where we have made many reliability fixes and added new options to integrate this tool with the latest ntopng developments. We suggest all our users to update to this new release so you can benefit from the enhancements. New Features Added –json-labels option to print labels as keys with JSON Added –tcp : option to export JSON over TCP export Added –disable-l7-protocol-guess option to disable nDPI protocol guess Support for ZMQ flows export …
nDPI

TLS/SSL Analysis: When Encryption and Safety Are Not Alike
Most people think that SSL means safety. While this is not a false statement, you should not take it for granted. In fact while your web browser warns you when a certain encrypted communication has issues (for instance them SSL certificates don’t match), you should not assume that SSL = HTTPS, as: TLS/SSL encryption is becoming (fortunately) pervasive also for non web-based communications. The web browser can warn you for the main URL, but you should look onto the browser development console for other alerts (most people ignore the existence …
News

Telemetry Data in ntopng: Giving Back to the Community
The latest ntopng 3.9 dev gives you the possibility to choose whether to send telemetry data back to ntop. We collect and analyze telemetry data to diagnose ntopng issues and make sure it’s functioning properly. In other words, telemetry data help us in finding and fixing certain bugs that may affect certain versions of ntopng. And don’t worry, we won’t use any data to try and identify you. However, if you want to, you can decide to provide an email address we can use to reach you in case we …
nProbe

Packets vs Flows: Which Option is the Best?
One of the most difficult steps on a monitoring deployment scenario is to choose where is the best point where traffic has to be monitored, and what is the best strategy to observe this traffic. The main options are basically: Port Mirroring/Network Tap NetFlow/sFlow Flow Collector Port Mirroring/Network Tap Port mirroring (often called span port) and network tap have already been covered on a previous post. They are two techniques used to provide packet access that often are the best way to troubleshoot network issues as packets are often perceived as the …
ntop

ntopConf 2019 Retrospective
On May 8-9th we have organised our yearly event, in Padova, Italy. The first day was dedicated to training and the second day to the conference. Overall about 150 people attended the event, and we’re glad of it. Our gratitude goes to the speakers, Wintech that took care of logistics, and to all those that made this event a success. Below you can find the presentation slides used during the conference. Roberto Pezzile, Mirco CailottoL’uso di Ntop come strumento di monitoraggio Layer 7 per i servizi di full outsourcing [IT] Luca …
ntop

Monitoring Containerised Application Environments with eBPF
Earlier this week ntop and InfluxData held a joint webinar about monitoring containerised applications. We have discussed solution for monitoring both legacy (e.g. non-containerised) and containerised applications, what are the technologies we can use. As most of you know, we have developed libebpfflow that is an open source library for generating IPFIX-like flows not using packets but system events we capture with eBPF. In addition to this, we are developing a new version of the nProbe product family that is able to also exploit Netlink to complement eBPF statistics with traffic counters. …
ntopng

Detecting Hidden Hosts and Networks on your (shared) LAN
In theory on switched networks each portion of a LAN is independent. This means that for instance that network 192.168.1.0/24 and 192.168.2.0/24 are using different switch ports that communicate through a router,  and also that are not sharing the same physical network. Unfortunately sometimes people violate this principle by putting on the same physical port multiple networks. The reasons are manyfold: You want to run a VM on your host that can (silently) communicate with other devices and thus you want to use a different network address plan. You use …
Features

How enable DPI-based Traffic Management in pfSense using nEdge
We have been receiving several inquiries from pfSense users who would love to complement the classical firewall-style pfSense features with the inline Layer-7-based traffic policing offered by nEdge. Being able place pfSense and nEdge side by side allows to overcome the common belief which sees the bad guys on the Internet and the good guys on the Local Area Network (LAN). Bad guys are on the Internet and this is true. Period. However, bad guys are also on the LAN, especially today in the Bring-Your-Own-Device (BYOD) era. Think to infected …
Announce

ntopng Multilanguage Support: EN, IT, DE and JP
We are happy to announce that ntopng has gone fully international! The following languages are now officially supported: English Italian Japanese German Language files are completely opensource, meaning that you can choose your preferred ntopng language, no matter if you are a community, Professional or Enterprise user! Languages are supported on a per-user basis, hence, multiple ntopng users (both administrators and normal users) can simultaneously use ntopng, each one with his/her language of choice. Switching the language is a breeze. Just visit the “Manage Users” page, select the user of …
Announce

Cento 1.6 Stable Just Released
After more than one year since the latest stable release, we are glad to announce cento 1.6-stable. This new release brings stability, fixes and several new features. Among the new features, it is worth mentioning that: Flows can be exported in a standardized JSON to text files. By default, a user cento runs and owns both the process and process files. This makes running cento more secure than using root. In addition, any user in the system can be used to run cento. A capture direction can be indicated so …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe