All Blog Posts

ntopng

Exploring Historical Data Using ntopng

In the original ntopng it was possible to navigate historical information using a so-called “Historical Interface”. That interface was a logical network interface able to read flow data from a SQLite archive and present it on the web interface. This approach had various limitations when it was used to navigate data over a long time window, as all flows had to be loaded into memory before they could be visualised, a process that can take a lot of memory and time as data cardinality increases. In the ntopng 2.1 development version, we have …
nProbe

Yes, There’s Life After NetFlow

At ntop we’ve been playing with NetFlow/IPFIX for more than 10 years and have been part of its standardisation. While we acknowledge that the concept of a flow (a set of packets with common properties such as the same IP/port/protocol/VLAN) is still modern, the NetFlow format is now becoming legacy, as we have already discussed some time ago. Modern data crunchers such as those belonging to the big data movement or emerging data storage systems (e.g. Solr or ELK) are based on the concept that information has to be defined in an open format (usually …
Announce

Released nDPI 1.7

This is to announce the release of nDPI 1.7. In addition to many new/updated dissectors, the main change of this release is the ability to identify subprotocols. For instance, a DNS request for Facebook is now identified as DNS.Facebook (previously only Facebook). This is a great addition for apps that use nDPI to block protocols and that failed due to the lack of subprotocol support. We have also revised the core library code so that plugin initialisation is now stored in the plugin itself, making the library core shorter and more readable. …
nDPI

Using ntopng to Implement a WiFi Access Point with Layer 7 Traffic Enforcement

This post will teach you how to create a cheap WiFi access point able to enforce policies on layer-7 application protocols. In order to do this you can use a cheap RaspberryPi or BeagleBoard with a USB WiFi stick, or use an x86 PC. The USB stick we use is the following:

# lsusb
Bus 002 Device 003: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter

Once plugged into a USB port it is immediately recognised by Linux (in this post we use Ubuntu Linux, but other distros will …
ntop

Lessons learnt at #SharkFest15

Last week we gave a couple of presentations at SharkFest 2015, introducing to the Wireshark community what ntopng is about. The most interesting part was the feedback from those who attended the talks, who asked “how to integrate ntopng with Wireshark”. My personal conclusion is that the best way of doing this is to turn ntopng into a pre-processor for Wireshark; namely, use ntopng to permanently monitor a network, detect anomalies, and then analyse them with Wireshark. In fact a packet sniffer cannot be used as a permanent …
June 3, 2015

Exploring your traffic using ntopng with ElasticSearch+Kibana

ntopng allows you to export monitoring data to external sources. For low-traffic sites, SQLite and the ntopng historical interface can be a good option. As your traffic increases you are forced to put your data in a database if you care about performance and long-term data persistence. In future ntopng versions we will add support for additional databases, but for the time being we decided to start with the ELK (ElasticSearch + LogStash + Kibana) paradigm. In this case ElasticSearch (ES) is the database backend, and Kibana the GUI used to …
Announce

Say hello to ntopng 2.0

After 9 months of development, we are pleased to announce the release of ntopng 2.0. This is a major release, as we have reworked many application components and made the application robust and usable by mid/large companies and ISPs. We have created two versions of ntopng:

- Community edition: this is the standard ntopng that you can use free of charge and that implements a robust and easy-to-use web-based traffic monitoring application.
- Professional edition: an enhanced version of ntopng that includes modern reports and many new features listed below in this article. …
Announce

Introducing nDPI 1.6

This is to announce the availability of nDPI 1.6, a maintenance release that consolidates this open source deep packet inspection library. This is going to be the last version of the 1.x branch, as we are planning major changes for the 2.0 release (see the enhancements we have planned). Changelog:

- Moved to github, with continuous testing tools (Travis-CI) and automatic regression testing (via Travis) for improving library quality.
- New dissector for the QUIC protocol.
- Major enhancements for Skype and Tor detection.
- Reduced memory usage per nDPI flow (up to 40% with …
Announce

News @ ntop: Github, Mobile-Aware web site, IPv6, Travis

Even though these might look like cosmetic changes, we are committed to creating better software to serve our community. In the past couple of weeks: We have migrated the server to a new site that is now reachable over both IPv4 and IPv6. You can finally access our software over IPv6. We have moved nDPI, PF_RING and ntopng to github. We hope this will foster collaboration on our software. We are aware that there are areas where we can improve the github integration, but as we’re new to this technology, we invite those …
ntop

Do you want to work for ntop?

As ntop software is increasing in popularity, we need help supporting our users and working on new developments. Therefore we are looking for someone to join our development team, help us, and assist the user community.

Job Description

We are looking for a candidate located in Italy or in a similar time zone (CET) willing to work remotely or (better) at our main location in Pisa. We offer semi-flexible working hours with a set block of time to be allocated every day Mon-Fri during standard working hours (9 AM …
PF_RING

PF_RING Deep Dive: Interview with Ivan Pepelnjak

In late March, Ivan Pepelnjak interviewed me on Software Gone Wild about ntop and ntopng, and in a second interview about PF_RING. The main topics of the second interview were:

- What is the difference between PF_RING and the Linux built-in packet capturing module?
- How can you process over 10 million packets per second per CPU core?
- Do you need special device drivers for PF_RING, or can you use the standard Linux NIC drivers?
- How does a packet processing application interact with the PF_RING library?
- How do you spread packets across multiple cores, multiple …
PF_RING

PF_RING 6.0.3 Just Released

Today we have released PF_RING 6.0.3, a maintenance release that includes many fixes and small changes. The release changelog is listed below.

PF_RING Library

- New pfring_open() flag PF_RING_USERSPACE_BPF to force userspace BPF instead of in-kernel BPF with standard drivers
- New API pfring_get_card_settings() to read max packet length and NIC rx/tx ring size
- New Napatech support
- Support for up to 64 channels with standard drivers; pfring_set_channel_mask() now takes a 64-bit channel mask parameter
- Reworked IPv6 parsing
- Configure parameter --disable-numa to remove the libnuma dependency
- ARM fixes
- Minor BPF memory leak fix

ZC …