All Blog Posts

Guides

Tweaking MySQL to Improve ntopng Flows Storage Space Usage

Edit: MySQL tables engine has been migrated to MyISAM in ntopng 2.4, so this post only applies to versions <= 2.3. This is the first post that tries to give hints on how to tweak MySQL settings to better accommodate flows exported by ntopng. In particular, this post discusses how to improve disk space usage. Hopefully, a series of posts with tips and tricks on how to improve responsiveness and reduce query time will be published in the future. ntopng MySQL flow export can be enabled using …
n2disk

n2disk 2.6 Just Released

This is to announce the release of n2disk 2.6. In this release we have made many changes to the indexing system, adding a new flow-based index that should improve packet retrieval as well as pave the way to the flow+packet+L7 inspection+index integration that will be completed with the next nProbe cento release, which will happen later this month. This will enable you to find packets based on L7 protocol: for example, you can do “host 192.168.1.3 and l7proto WhatsApp”. Stay tuned for the cento release. Finally we would like to ask the community if …
PF_RING

PF_RING 6.4 Just Released

This is to announce the release of PF_RING 6.4 that contains various improvements, new network adapters supported in ZC mode (including Intel 100 Gbit), and bug fixes. Developers can access the documentation for the PF_RING 6.4 API in Doxygen format.

Changelog

PF_RING Library
- Improved Myricom support, new naming scheme to improve usability
- Improved Napatech support, 100G support
- Improved Accolade support
- New Invea-Tech support
- New API pfring_get_metadata to read ZC metadata
- New pfring_get_interface_speed API
- New API pfring_version_noring()
- C++ wrapper improvements
- Removed DNA legacy

ZC Library
- New API pfring_zc_set_device_proc_stats to write /proc stats …
n2disk

How to Build a 2×10 Gbit Packet Recorder using n2disk and PF_RING (2016 Update)

Earlier in 2014 we advised how to build a continuous packet recorder using n2disk and PF_RING. Since that time computing architectures have progressed, we have added support for new ethernet controllers, and so it’s now time to refresh that post for all those willing to build a box themselves. The specs below are for 2 x 10 Gbit; for 1 x 10G you can use half of the components in most cases. CPU: we advise an Intel E5 with at least 3 GHz and 8 cores for all options (indexing and …
nDPI

Released nDPI 1.8

This is to announce the release of nDPI 1.8. In this version we have updated many protocol dissectors, simplified the API, and started to introduce changes that will be further improved in future versions. As usual we have changed many protocol dissectors. The whole changelog can be found below. Many thanks to all contributors!

Changelog
- Recoded DNS and QUIC dissectors
- Code passed checks of static code analysers
- Added API wrappers (to be used in apps using nDPI) for substring-search: ndpi_init_automa(), ndpi_free_automa(), ndpi_add_string_to_automa(), ndpi_finalize_automa(), ndpi_match_string(), set_ndpi_malloc(), set_ndpi_free()
- Added new ndpi_detection_giveup() …
News

Learn more about ntopng at RIPE72

This week we will attend the RIPE 72 meeting in Copenhagen, DK. Thanks to Martin Winter (co-founder of NetDEF) we will speak about ntopng at two events on Thursday, May 26th: At 11AM we will introduce ntopng at the Open Source Working Group. At 3PM in room “Akvariet 2” we will run a two-hour tutorial about ntopng and the current/future developments we are carrying on. These events would be a good time for learning more about our tools, and for discussing extensions, future work items, issues you would like …
Guides

How to Analyse MikroTik Traffic Using ntopng

MikroTik routers are pretty popular, in particular in the wireless community, and many users of the original ntop are familiar with them. With the advent of ntopng, we have decided not to natively support NetFlow in ntopng due to the many “dialects” of the protocol, and to leave to nProbe the task of converting flows into something ntopng can understand. For this reason the workflow is the one depicted below: The first thing to do is to configure NetFlow (both v5 and v9 are used) on the MikroTik that cane …
PF_RING

Commoditizing 10/25/40/100 Gbit with PF_RING ZC on Intel FM10K

As you know we have been working at 100 Gbit for a while, not just in terms of network speed, but also in terms of redesigning existing applications to be more efficient and powerful (BTW stay tuned, as very soon we will introduce nProbe Cento). With the introduction of the new Intel FM10K ethernet controller family, it is now possible to support 10/25/40/100 Gbit using one single NIC (just replace the QSFP+ to change network speed) on a product that is in the 1k USD range for dual port. Another major feature of this product is the embedded programmable …
nProbe

Advanced Flow Collection with ntopng and nProbe

In flow-based monitoring there are two main components: the probe (a.k.a. flow exporter) and the flow collector/analyser. Usually NetFlow/sFlow is a push mode paradigm, as network devices have almost no memory/storage and thus they send out data as soon as possible towards a collector. This architecture is suboptimal because the probe is pushing the same data to all collectors (i.e. collector X cannot tell the probe that it is interested only in HTTP-based flows, but it has to collect everything and discard unneeded information) and also because in case a new collector …
nProbe

How to Build a 100$/€ “Augmented” NetFlow/IPFIX Probe

One of the main problems of flow-based devices is their high cost or poor monitoring capabilities (nothing beyond IPv4 packets and bytes). At ntop we believe that network visibility is much more than this, as people in 2016 want application performance, deep packet inspection, export to big data systems and much more. We have been experimenting with low-cost hardware devices for a long time, but finding a powerful yet cheap device with embedded port mirror capability isn’t that simple (or cheap). Finally we have found a solution for families and small businesses who want to …
Features

Exploring Historical Data Using ntopng: Part 2

ntopng is able to deliver monitored traffic flow data to a MySQL server. We have already discussed how to configure ntopng to deliver this data in another blog post. In this article we discuss the new features that allow you to dig deep into the flows dumped to MySQL using the ntopng web GUI. Earlier ntopng releases didn’t allow for thorough historical analyses: they only gave access to recorded flows and provided limited sorting features. With the advances made in the latest ntopng Pro Small Business it is possible to drill down into historical …
Guides

Monitoring BitTorrent Traffic with ntopng

ntopng has been designed not just for network administrators, but also for small companies and in particular for families. How often have you seen traffic on your network that you did not expect and asked yourself what it was about? A good example is BitTorrent traffic, which can be used for efficiently downloading files and not just for copyright-protected content (unfortunately this is how this protocol is usually perceived by the network community). If you are wondering what your colleagues/children are downloading using BitTorrent, now ntopng can help you. In the latest …