All Blog Posts

ntop

20 Years of ntop: The Conference

Last Friday, Oct 26th, at the University of Pisa, we celebrated 20 years of ntop open source code development and hacking culture. It was a success, with over 110 registered people and 24 people in the morning training session. We decided to celebrate this event where ntop was created, and where most of the team lives. The idea is to periodically repeat this event in other locations. The core of these meetings is the community, rather than the core team. The main feedback we received is that people …
nDPI

Promoting Traffic Visibility: from Application Protocols to Traffic Categories in nDPI and ntopng

We often receive emails asking questions like: “how many protocols does nDPI support?”, “how do you position nDPI against commercial DPI toolkit A, B, C?”. Although these questions are reasonable, they do not grasp the significance of DPI. For years commercial toolkits have run the race for protocols: I have 200 protocols, I have 1000 protocols, I have 500. Then, when asked what they mean by the term “protocol”, people list traffic from/to sites like cnn.com or bbc.co.uk. But BBC is not a protocol but rather some traffic (for instance …
ntopng

Securing ntopng with SSL and Let’s Encrypt

As you know, the ntopng web interface supports both HTTP (default) and HTTPS. The reason why ntopng does not default to HTTPS is that we provide self-signed certificates that web browsers dislike. Fortunately, today you can create a free SSL certificate recognised by all browsers by using the Let’s Encrypt open certificate authority (CA). This article describes how you can do this in a few simple steps: for simplicity we limit our scope to Ubuntu/Debian, but on other distros the procedure is similar. Install certbot as described in this article. Suppose that you …
nProbe

Using nProbe and ntopng for Collecting and Visualizing Sonicwall Flows

nProbe is both a probe and a NetFlow/sFlow collector. Recently, we’ve also added the ability to collect flows with proprietary information elements. This greatly improves nProbe's flexibility, as any custom, vendor-proprietary information element can be understood, correctly parsed, and exported downstream. Adding proprietary information elements to nProbe is a breeze. Indeed, it suffices to use a plain-text file with the element descriptions. That’s all. Once the fields have been loaded from the plain-text file, they can be treated as if they were regular fields. So for example they can …
nProbe

Introducing nProbe 8.6: Per-Second Measurements and Collection of Proprietary Flows

We are glad to announce the stable release of nProbe 8.6. Among the main new features, this release brings: per-second measurements of flow traffic, and the ability to collect proprietary (i.e. using non-standard information elements) flows. These new features come along with a wide range of new extensions and improvements to the currently existing features and, last but not least, security and stability fixes. Let’s have a brief look at the two main new features mentioned above. Per-second Traffic Measurements: Getting cumulative measurements with respect to the flow lifetime not …
Guides

Best Practices for the Collection of Flows with ntopng and nProbe

ntopng can be used to visualize traffic data that has been generated or collected by nProbe. Using ntopng with nProbe is convenient in several scenarios, including: (1) The visualization of NetFlow/sFlow data originated by routers, switches, and network devices in general. In this scenario, nProbe collects and parses NetFlow/sFlow traffic from the devices, and sends the resulting flows to ntopng for visualization. (2) The monitoring of physical network interfaces that are attached to remote systems. In this scenario, ntopng cannot directly monitor network interfaces, nor can it see their packets. One …
ntop

Workshop and Training: 20 Years of ntop

This is a message for the Italian-speaking community willing to attend our 20 years of ntop workshop that will take place in Pisa, Italy, where ntop was born. If there is somebody willing to help us organise an ntop event somewhere else, please contact us, as next year we might be able to arrange that too. <Italian> 20 years ago the first version of ntop was released, an open source tool for monitoring network traffic through a web interface. Since that first release, 20 years on, there have happened …
nEdge

Say hello to ntopng and nEdge 3.6: Timeseries with TimeShift and InfluxDB

The ntopng 3.6 release is paving the way to metrics-based traffic analysis. We have finally put ntopng on top of a timeseries-independent layer that currently allows us to support RRD and InfluxDB and, in the future, other backends. This means that you can now also use ntopng as a time series datasource (for instance, you can use ntopng as a flow exporter and as a Grafana data source; see the timeseries API for further information), or you can analyse data through the ntop web interface, which has been greatly enhanced. As you …
nDPI

Introducing nDPI 2.4

This is to announce the release of nDPI 2.4, an incremental release mainly introducing the concept of categories in addition to new dissectors and bug fixes. In a nutshell, in order to limit the number of custom protocols defined as “if traffic goes from/to Internet domain X then this is protocol X”, all these protocols have been grouped into a category. This eases application developers' lives, as they do not have to handle thousands of protocols, and simplifies configuration. For instance instead of having malware site X, site …
n2n

Introducing n2n 2.4

As announced some months ago, we have resumed the development of n2n, a peer-to-peer VPN we developed some years ago to ease access to remote ntop installations behind firewalls, which then evolved into a fully fledged application. After having put the project on hold for some years due to lack of time and new priorities, months ago we decided to resume development. We have realised that many people started to fork and code on n2n, and thus a part of our work is …
ntop

Introducing @ntop_community Telegram Group

While tools like GitHub and mailing lists can serve developers and experts, sometimes people look for quick help. For this reason we have created a new Telegram group called @ntop_community that you can use (even from your desktop and mobile) for asking quick help from the community. If you are an ntopng user you can select the “Help and News” menu entry for jumping to the Telegram channel. We invite people to join and help support other users, as well as send us feedback. Thank you! …
nProbe

Introducing per-Second Measurements in nProbe Flow Exports

The need to perform on-time and per-second traffic measurements clashes with protocols such as NetFlow, where all counters are cumulative with respect to the flow lifetime. So if you have a flow that lasted 2 minutes and moved X bytes, you have no clue what the throughput of this flow was across the 2 minutes. For this reason people started to shorten flow duration, with the drawback of putting a lot of pressure on probes as well as increasing the disk space and flow record cardinality on collectors. In essence …