All Blog Posts

nDPI

nDPI: Internals and Frequent Questions

All ntop tools are based on nDPI, but not every user is familiar with nDPI internals. We often receive questions about it, and it’s time to answer the frequent ones. Q: How does nDPI implement protocol detection? A: nDPI includes a list of protocol dissectors (356 as of today) that are able to dissect protocols such as WhatsApp or TLS. As soon as a new flow is submitted to nDPI, the library applies in sequence the dissectors that can potentially match the protocols (i.e. telnet is a TCP-based protocol and it will not …
ntopng

ntopng 6.0 Webinar

Last week we released ntopng 6.0, which contains many new features and a redesigned user interface. The goal of this webinar is to walk through this new release and show a demo of all the major changes we have introduced. These are the presentation slides, and below you can see the video recording. Enjoy! …
ntopng

How ntopng Merges Vulnerability Scan with Traffic Monitoring for Better Cybersecurity

ntopng was initially designed as a passive traffic monitoring tool. Over the years we have added active monitoring features such as network discovery, SNMP, and now vulnerability scan. A network vulnerability scanner is a tool designed to identify vulnerabilities (often known as CVEs) in network services such as a web or SSH server by performing an active service scan. In ntopng we have decided to complement passive traffic with active scanning because: We want to identify vulnerabilities that can assist network and security administrators to implement a healthy network. Matching …
ntopng

Welcome to ntopng 6.0: new Dashboard, Vulnerability Scan, Cloud [beta], Periodic Reports, Threshold-based Alerts

This is to announce ntopng 6.0, a new major release that includes many new features and improvements: ntopng is no longer just a real-time traffic monitoring application: it can now track assets when offline and enable better investigations by leveraging improved historical traffic analysis. Implemented vulnerability reports that can scan hosts, ports, and look for CVEs. Even if other tools sport similar features, ntopng is unique in merging traffic analysis with vulnerability assessment. This means that you can position your CVEs with respect to real traffic (i.e. a severe vulnerability …
nProbe

nProbe 10.4 is now Available: Cloud Support and Agent Mode

This is to announce the release of nProbe 10.4. In this version we have made several improvements (including support for new platforms and distributions) as well as merged the agent code into the main code base (via -T) on both Linux and Windows. This feature allows you to export (for traffic originated or terminated on the host where nProbe runs) additional contextual information such as the user or process name that produced specific traffic flows. The agent mode is used in ntopng to implement the cloud mode support, that enables nProbe …
cento

nProbe Cento 1.20 Just Released

This is to announce the release of nProbe Cento 1.20, which is basically a maintenance release that fixes some issues, improves metadata export using nDPI, and adds support for new platforms and distributions. Below you can find the whole changelog. Enjoy! Improvements: Add ARM support. Add support for dumping bad packets (--dump-bad-packets). Add support for the latest nDPI API. Improve nDPI protocol guess. Fixes: Fix bridge mode with standard drivers. Fix max interface speed detection with comma-separated list. Fix tx stats. Fix banned search. Fix permissions for the logrotate configuration …
nDPI

nDPI 4.8 is Now Available: Better Performance with Less Memory, Fuzzy Robustness, Many New Protocols

This is to announce the release of nDPI 4.8, which introduces various new protocols (in total 351 protocols and 53 risks), several internal changes to improve packet processing, extension of fuzzing to new components to improve coverage, and new algorithms for handling lists with reduced memory and better performance. Protocol changes have been introduced not just for new protocols but also for keeping track of changes on existing protocols such as QUIC and TLS. That said, there are many changes under the hood that include contributions from many developers and that …
ntopng

Threshold vs Statistical Metric Alerts in ntopng

Threshold alerts and statistical alerts are two different methods for monitoring and detecting unusual or potentially problematic events in various systems, such as network monitoring where anomaly detection is essential. They differ in how they define and identify anomalies: Threshold Alerts Threshold alerts are based on fixed, predefined values or thresholds. You set specific thresholds for one or more parameters or metrics within your system. When these parameters cross the predefined thresholds, an alert is triggered. These thresholds are typically static and do not change automatically. You need to set …
ntop

ntopConf 2023 Videos and Slides are Now Available

The ntop conference and training 2023 was a success: more than 100 people attended it, some of them flying to Italy from other continents. This has been a special event as we celebrated 25 years since the first release of the original ntop application, and 10 years of ntopng. This was our first international event (previous conferences were in Italian) and we are happy with the outcome. For us a conference is a way to update our community about the progress we have made, how the community uses our …
ntop

How to Monitor What Matters

Yesterday we were invited to the NetEye Users Group Meeting to give a speech about monitoring and cybersecurity. During the talk we covered our 25-year journey in this industry and the decisions we have made during that time: Network vendors provide (after 25 years) poor monitoring data: flaws, proprietary formats, sampling, device limitations didn’t change the landscape even though the NetFlow RFC 3954 is 20 years old, and IPFIX is basically just a cosmetic change. nDPI is 10 years old and it allowed us to provide contextual information …
ntop

Announcing ntop Professional Training: November 2023

ntop tools range from packet capture to traffic analysis and processing, and sometimes it is not easy to keep up with product updates as well as master all the tools. This has been the driving force for organising ntop professional training. This is to announce that in May we have scheduled the next ntop Professional Training session. It will take place online (Microsoft Teams) on 7th, 9th, 14th, 16th, 21st, 23rd of November, 2023 at 3.00 PM CET (9.00 AM EDT). Training will be held in English and each session …
ntopng

How to Send ntopng Alerts to PagerDuty

PagerDuty is a popular incident-response platform that allows problem notifications to be delivered in a flexible way to the correct team member. We have integrated it in ntopng Enterprise and this post shows you how to configure it. First of all you need to create a PagerDuty account and select a plan (there is a free one you can choose). Once that is done, within PagerDuty you need to select “Event Orchestration” from the “Automation” menu and create a new event orchestration. Below you can see an example. Once you have saved it, click …