All Blog Posts

nProbe

Running nProbe and ntopng on Ubiquiti EdgeRouter Lite

On this blog we have already discussed how to compile and run ntopng and nProbe on a BeagleBoard and Raspberry Pi. Now we explain (courtesy of Shane Graham) how to achieve the same on a Ubiquiti EdgeRouter Lite, a cheap yet powerful router. First, set up the proper Debian repository:
configure
set system package repository squeeze components 'main contrib non-free'
set system package repository squeeze distribution squeeze
set system package repository squeeze url http://http.us.debian.org/debian
set system package repository squeeze-security components main
set system package repository squeeze-security distribution squeeze/updates
set system package repository …
PF_RING

Accelerating Suricata with PF_RING DNA

Below you can find an excerpt of the “Suricata (and the grand slam of) Open Source IDPS” article written by our friend Peter Manev (Suricata core team) describing how to install and configure PF_RING, DNA and Suricata. The original blog entries can be found at Part One – PF_RING and Part Two – DNA.
Part One – PF_RING
If you have pf_ring already installed, you might want to do:
sudo rmmod pf_ring
If you are not sure if you have pf_ring installed, you can do:
sudo modinfo pf_ring …
ntopng

ntopng 1.1 Released

This is to announce the release of ntopng 1.1. The main changes with respect to 1.0 include: Enhanced web GUI with new menus and extension of previous sections. Ability to specify multiple interfaces simultaneously (just repeat -i). Performance improvements both in nDPI and the ntopng engine (yes, multi-Gbit traffic analysis is possible). Several enhancements to the flow collection interface (note that you need the very latest nProbe), which is now much faster and written in native C++ code. Added Google Maps support and HTML 5 map geolocation support. Ability to save …
ntopng

ntopng Tutorial @ LinuxDay 2013

Last Saturday, 26th of October, we presented a tutorial on ntopng at the Italian LinuxDay 2013. The slides we used for this presentation can be used to learn the idea behind ntopng and highlight the main design principles. We are also glad that this presentation has been accepted for submission consideration at the Italy in a Day contest, so it might have the chance to become part of this upcoming movie. …
ntop

Upcoming ntop meetings: Nürnberg, Luxembourg, Pisa, Milano.

Next week is going to be a busy week for us, as we (Luca and Alfredo) will be making a short tour of Europe to present ntopng and the latest ntop apps. October 23rd, Open Source Network Conference, Nürnberg, Germany. October 24-25th, Hack.Lu and Suricata Team, Luxembourg City, Luxembourg. October 26th, Linux Day 2013, Pisa, Italy. October 29th, Open Source Conference 2013, Milano, Italy. We would like to meet ntop users and hear their feedback, criticism and suggestions. See you next week! …
nProbe

Using ntopng and nProbe on the BeagleBone (small is beautiful)

For years we enjoyed pushing the limits of our software products (our nBox recorder is able to handle multi-10Gbit interfaces, for instance), but our roots are not there. It all started in 2003 with this small PowerPC-based nBox, into which we first integrated nProbe. Now, after 10 years, it is time to rethink all this and try again. On the market there are several small and cheap platforms, such as the Raspberry Pi, the BeagleBone Black and the EdgeMax, that are ideal platforms for our apps. We have then decided …
nProbe

Why nProbe+JSON+ZMQ instead of native sFlow/NetFlow support in ntopng?

sFlow and NetFlow/IPFIX are the two leading network monitoring protocols used today on the market. They are two binary protocols encapsulated over UDP, with data flowing (mono-directional) from the probe (usually a physical network device or a software probe such as nProbe) to the collector (a PC that receives traffic and handles it or dumps it to a database). This architecture has been used for decades; it still makes sense from the device point of view, but not from the application (developer) point of view, for many reasons: The …
ntopng

Moving Towards ntopng 1.1

It has been a busy summer here at ntop. Since the initial ntopng 1.0 release, we have tried to fill the gap with respect to the original ntop. This post is to update you about the new features of the upcoming 1.1 release, scheduled for this fall, that are currently available in the SVN development tree: Ability to support multi-interfaces. This means that you can repeat on the command line “-i <interface>” multiple times, one per interface you want to add. Use of HTTP sessions …
nProbe

Tracking and Troubleshooting Mobile Phone Users (IMSI) using the MicroCloud

The microcloud is one of the fields where s used extensively by mobile network operators. The reasons are manifold: Data aggregation facilities offered in realtime by the microcloud. Realtime user-to-tunnel mapping. User traffic-to-user correlation. Unfortunately, when a mobile network is populated by millions of active users (IMSI), troubleshooting a problem can be a problem. Tools such as Wireshark that are used on fixed networks do not work because: The network is distributed, so there is no single sniffing point, but rather it is necessary to deploy our tools across the …
ntopng

ntop is back: ntopng 1.0 just released

Fifteen years after the introduction of the original ntop, it was time to start over with a new, modern ntop. We called it ntopng, ntop next generation. The goals of this new application are manifold: Released under GNU GPL3. Feature a modern, HTML5 and Ajax-based dynamic web interface (caveat: you need a modern browser to use ntopng). Small application engine, memory wise and crash proof. Ability to identify application protocols via nDPI, ntop’s open-source DPI (Deep Packet Inspection) framework. User’s ability to script, extend, and modify ntopng pages coding …
nDPI

Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification

From time to time we receive emails from people asking how nDPI compares with other similar toolkits. Licio Marchetti has shared this report, Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification, written by the Universitat Politècnica de Catalunya, that says: “the best accuracy we obtained from NDPI (91 points), PACE (82 points), UPC MLA (79 points), and Libprotoident (78 points)”. So nDPI looks in good shape 🙂 This said, last week we improved the Bittorrent and Skype dissectors quite a bit and we have created a small test tool that demonstrates …
PF_RING

PF_RING 5.6.0 Released

This is to announce the release of PF_RING 5.6.0. We recommend that all users install this release, as we have fixed a couple of critical bugs. Changelog: PF_RING Kernel module: Fixed bug that prevented the PF_RING cluster from working properly with specific traffic. Documentation: User’s guide translated to Russian (courtesy of ridervka@yandex.ru). Libzero: Fixed bug that caused the DNA bouncer to process the correct packet. Examples: pfwrite: Added support for the microcloud so that for GTP traffic it is possible to dump traffic of specific IMSI phone. Added support for …