All Blog Posts

PF_RING

PF_RING 6.0.2 Released: DKMS, Sysdig, Hardware Timestamps and much more

Today we have released a maintenance release of PF_RING that includes many fixes and enhancements. In particular, we have moved our binary packages to DKMS, which makes them independent of the kernel version; previously you had to update them whenever a new kernel version was released, and thanks to DKMS this is no longer necessary. We have added sysdig support to PF_RING, so that your PF_RING applications can open the virtual device “sysdig” to read system events without requiring the sysdig library, which adds complexity to code development. Changelog: PF_RING Library New …
nDPI

Running ntopng and nDPI on MacOSX

On Mac OS X users expect simple tool packaging and installation. Initially we planned to distribute .dmg files containing our apps, but then we decided that, in order to support current and future OS X versions more easily, this was not the way to go. For this reason we have added support for packaging systems such as HomeBrew and (soon) MacPorts (work is still ongoing but close to the end). Today, if you want to run ntopng and nDPI on your OS X box, you have the option to: compile everything by …
nDPI

Released nDPI 1.5.1 and ntopng 1.2.1

Today we have released a maintenance version of both nDPI and ntopng that addresses minor issues present in the previous stable release. In particular, for ntopng we have addressed many small security holes identified by security researchers (our thanks go to Luca Carettoni), and thus we encourage you to upgrade when possible; note that all these attacks require a valid ntopng user and password before they can be performed, so their danger level is not too high, but we still encourage you to upgrade. Finally, this release contains patches and …
PF_RING

Active vs Passive Polling in Packet Processing

From time to time, PF_RING users ask us whether they should use passive polling techniques (i.e. call pfring_poll()) or active polling, which basically means implementing a busy loop until the next packet to process becomes available. All those who have read a programming book or attended university classes might answer that polling is the answer, for various other reasons as well, including energy saving in CPUs. Unfortunately, in practice the story is a bit different. If you want to avoid wasting CPU cycles when you have nothing to do (i.e. …
PF_RING

Using sysdig from PF_RING (and soon from all ntop apps)

Months ago Draios Inc introduced sysdig, a kernel module and user-space library for capturing system events and thus analysing what is happening on a Linux box. The idea was immediately appealing to us at ntop, for many reasons: with our tools we can analyse network packets and extract metadata (e.g. URLs, network delays, the username of who has performed a certain action), but only up to the system. In essence, even though we install ntopng or nProbe onto a Linux box (either physical or virtual), we currently see packets and we miss …
ntop

Introducing ntopng 1.2

ntopng 1.2 is the result of 10 months of work. We have tried both to introduce new features and to make the product more robust, easy to use, and modern. The result is a simple tool with a refreshed GUI, user preferences, and new reports that display data in new ways. Leveraging the multi-interface support, ntopng (unless a specific interface is specified) listens on all network interfaces, so that you do not have to play with the command line to move from one interface to another. All the tables are …
nDPI

Released nDPI 1.5

Today we have released nDPI 1.5. The main changes include: Support for additional protocols such as Redis, ZeroMQ, Collectd, Megaco. Fixed bugs in existing protocol dissectors and refreshed protocols that changed since the previous release (e.g. Skype, which is a real moving target). Major improvements to the sample ndpiReader application: Added 10 Gbit DNA/ZC support when capturing live traffic. Added the ability to produce JSON reports when reading pcap file traces. Added new protocol encapsulations such as MPLS, PPPoE. Added new protocol/packet statistics (e.g. Ethernet statistics). Fixed bugs when handling IPv6 packets. Introduced …
ntop

Mini-Tutorial: Fresh Install of ntopng on CentOS 7

IMPORTANT: This post contains outdated information. See README.compilation for updated instructions. This is how to compile ntopng on a fresh CentOS 7 x64 installation. For the impatient:
# yum install -y subversion autoconf automake make gcc libpcap-devel libxml2-devel sqlite-devel libtool glib2-devel gcc-c++
$ svn co https://svn.ntop.org/svn/ntop/trunk/ntopng
$ ./autogen.sh
$ ./configure
$ make
$ ./ntopng --help
ntopng x86_64 v.1.1.4 (r7865) - (C) 1998-14 ntop.org
<snip>
Step by step description: Pull the source code from the ntop svn repository. To do this, you first need to install subversion using yum as follows $ …
Announce

Introducing ntop Video Tutorials

We have been asked many times to create some videos that introduce novice users to our tools and products. Although English is not our mother tongue, we have decided to take this request seriously and start uploading them to the ntop channel. This said, we need your help and we hope that you will contribute by sharing your videos with the whole community. …
ntopng

Creating a hierarchical cluster of ntopng instances

As you know, via ZMQ you can use ntopng as a collector for nProbe instances. You can decide to merge all probes into one single ntopng interface (i.e. all the traffic will be merged and mixed) or to have one interface per probe. Example: start the remote nProbe instances as follows
[host1] nprobe --zmq "tcp://*:5556" -i ethX
[host2] nprobe --zmq "tcp://*:5556" -i ethX
[host3] nprobe --zmq "tcp://*:5556" -i ethX
[host4] nprobe --zmq "tcp://*:5556" -i ethX
If you want to merge all nProbe traffic into a single ntopng interface do:
ntopng -i tcp://host1:5556,tcp://host2:5556,tcp://host3:5556,tcp://host4:5556
If you want to …
n2disk

Visualising n2disk Captured Traffic using CloudShark

Introduction: ntop users are familiar with n2disk and the nBox web interface that eases its use. As you know, the nBox includes a small web-based tool that allows you to preview pcap contents. This tool is good for getting an idea of what a pcap contains, but it is not a fully fledged application. On the other hand, CloudShark is the leading application for analysing traffic traces, and thus we have decided to leverage it to offer the cheapest and most powerful solution for traffic-to-disk and pcap visualisation in the cloud. …