All Blog Posts

nDPI

How to Enhance Wireshark with DPI, latency measurement and more
This week at Sharkfest US 17, we have presented the ntop contributions to wireshark. In particular: How to use nDPI to complement Wireshark traffic classification How to remote capture on a remote box at 10/401/100 Gbit and stream traffic securely to wireshark via SSH Same as above but extracting packets from TBytes (of pcaps)  using pcap indexes How to turn wireshark into a traffic monitoring tool able to measure traffic and network latency. For those who have not attended the session (recording will appear soon on the sharkfest web site), …
ntopng

Integrating ntopng with Grafana
Last week the NYC Metrics and Monitoring meetup invited ntop to give a talk. The topic was how to open ntopng so that it can become a gateway for producing network metrics that could be used by popular applications and frameworks such as Snap-io, Prometheus or Influx. The first result of this activity is the integration of ntopng with Grafana that we plan to complete in July. Here you can see the presentation slides  where you can have an idea of the work we’re doing. If you are interested in using …
nProbe

Introducing nProbe 8.0, the ntopng flow companion
The current nProbe 8.0 release contains many changes with respect to the 7.x series. We have optimised the code, added the ability to collect non standard fields (e.g. Cisco AVC), improved Kafka export, and reworked many tiny details to make the tool a stable solution for all those looking for a flexible and versatile flow probe and collector. For all those interested in the whole changelog, below you can find the main changes we have implemented in the past months. In summary we have made nProbe better adding new extensions, …
ntopng

Introducing ntopng 3.0
If you have enjoyed ntopng 2.x, we believe you will like 3.0 even more as we have worked for almost one year to this release. We have modified many things, improved security in ntopng (in the cybersecurity days this is the least we could do), added layer 2 visibility, improved metrics calculations, added alerts support (even on the go), improved significantly the Windows version (yes Win 10 is supported out of the box), improved performance, reworked the GUI in many aspects, improved significantly the inline traffic mode, improved FreeBSD support. As …
nDPI

Say hello to nDPI 2.0 (with wireshark integration)
nDPI 2.0 is a major release that: Consolidates the API, in particular for guessing new protocols or notifying nDPI that for a given flow there are no more packets to dissect. Introduces nDPI support into Wireshark by means of a lua script and extcap plugin. Available via an extcap interface, the plugin sends Wireshark the nDPI-detected protocols by adding an ethernet packet trailer that is then interpreted and displayed inside the Wireshark GUI using the companion lua script. If you’re planning to attend the Sharkfest US 2017, we will present …
cento

Webinar: Security Monitoring with 1:1 NetFlow and 100% Packet Capture
Latest news: Napatech has decided to reschedule the webinar. A new date will be announced when available. Thu May 23rd and 25th together with Napatech we have organised two webinars about monitoring network traffic using flow-based technologies. We will be talking about 100 Gbit network traffic monitoring. Flow-based monitoring including nProbe Cento. 100% packet capture with no loss combining Napatech NICs and PF_RING ZC You can register here to save your seat.  Hope that many of our users will attend these webinars. …
ntopng

Detecting and Fighting Ransomware Using ntopng (yes including WannaCry)
These days many people are talking about ransomware and in particular of the problems created by WannaCry. Some ntop users contacted us asking if they could use our tools for detecting and stopping ransomware. While the best solution to these issues is to properly implement network security (that is a process, not a product in our opinion) by designing the network properly and keeping hosts updated,  it is usually possible to use ntopng to detect infections, block most of them, and have a list of hosts that might have been …
ntopng

Monitoring Network Devices with ntopng and SNMP
Summary SNMP is widely used for network monitoring. Being able to remotely monitor network devices is fundamental to have a clear picture of present and past network health. ntopng systematically interacts with SNMP devices to provide historical and real-time insights on the network. ntopng SNMP support Simple Network Management Protocol (SNMP) is one of the de-facto standards used to remotely monitor network devices such as routers, switches and servers, just to name a few. With ntopng Enterprise it is possible to consistently and programmatically interact with those devices to have a real-time view …
ntop

Monitoring IoT and Fog Computing: Challenges and Solutions
Since last year we are designing a solution for monitoring IoT and Fog computing devices. This is becoming a hot argument since they are more and more used to create large Internet attacks and also because our privacy can be affected by this new computing trend. While we do not have a complete solution ready, we have some preliminary results and lessons learnt that are worth to be shared with our community. This is a presentation we created on this subject and that has been shown at the Wurth-Phoenix Roadshow (BTW …
ntop

Introducing nScrub: Powerful yet Affordable DDoS Mitigation
ntop has always tried to make the Internet a better place by developing many open-source network monitoring tools, and releasing all the software at no cost to non-profit and education. A few years ago, Qurium/VirtualRoad, a swedish foundation offering secure hosting to independent online news outlets and human rights organisations, contacted us. The reason was that after years mitigating attacks using proprietary appliances and servers running customised Linux kernel code based on netfilter, they reached the conclusion that those solutions were not affordable, or flexible, or fast enough. Their experience with …
n2disk

Introducing n2disk 2.8 with Microburst Detection
Together with PF_RING 6.6, today we also released n2disk 2.8. In this release we introduced support for microburst detection in order to spot traffic bursts, which is crucial in identifying potential capacity issues and troubleshooting packet loss in network equipments. We also improved our “fast” BPF engine extending the supported primitives, and improving the ability to match tunneled traffic. More tools have been added, for playing with the dump set, for instance for moving part of the dump set to an external storage, or deleting PCAP files in a specified time …
PF_RING

PF_RING 6.6 Just Released
After almost one year of development, this is to announce the release of PF_RING 6.6. In this release we have worked on different areas: Introduced nBPF, a software packet-filtering component similar to BPF, that is able to exploit hardware packet filtering capabilities of modern network adapters and transparently deliver these facilities to user-space applications such as nProbe and ntopng, or non-ntop applications such as Wireshark and Suricata. Improved PF_RING ZC Intel 40 Gbit drivers to transparently provide users that ability to use these NICs without having to pay attention to …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe