Sometimes, a critical issue shows up in your network and you’d like to be notified by ntopng on Telegram or by E-Mail. ntopng allows you to filter alerts for each recipient based on a few criteria including alert family, category, severity, or affected hosts. However in some case you want to be notified about a […]
Using Traffic Rules To Supervise Network Traffic
The Problem Let’s assume that you have a Network where local hosts generate a constant amount of traffic. How do you find if they are misbehaving? It happens that some local host starts behaving strangely, by having an abnormal amount of traffic (sent or received) with respect to their recent past: how can you spot […]
What’s New in ntopng: Network Assets
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Asset Map. Have you ever asked yourself, what are the NTP servers in your network? Or, are […]
What’s New in ntopng: Periodic Activities (a.k.a beaconing) !
Hello everybody! Welcome back to the weekly blog post of this serie used to update you with the latest ntopng features and graphical changes. Please let us know your feedback! Today we are going to talk about the Periodicity Map. You are probably asking yourself what’s so bad about periodic activities, right? First of all, […]
ntopng 5.0 Is Out: Modern Traffic Monitoring for AIOps and Cybersecurity
ntopng was initially designed as a tool for realtime network traffic monitoring. The idea was to create a DPI-based tool able to report traffic statistics. Overtime we have added the ability to implement active monitoring checks, SNMP, and various other features. However there was a fundamental point that was missing: go beyond traffic reporting, moving […]
NetFlow Collection Performance Using ntopng and nProbe
Introduction ntopng, in combination with nProbe, can be used to collect NetFlow. Their use for NetFlow collection is described in detail here. In this post we measure the performance of nProbe and ntopng when used together to collect, analyze, and dump NetFlow data. The idea is to provide performance figures useful to understand the maximum […]
How Attackers and Victims Detection works in ntopng
In recent ntopng versions, alerts have been significantly enriched with metadata useful to understand network and security issues. In this post, we focus on the “Attacker” and “Victim” metadata, used to enrich flow alerts and label hosts. Specifically, the client or the server of a flow is labelled as “Attacker” when it is, with high […]
ntopng 4.0: A Refreshed Look with Dark Themes!
The latest ntopng 4.0 has a renewed look. The main changes we have introduced are: An always-on-top status bar. Key information on the health and status of the network is essential for the analyst and it must be always visible and easily accessible. This is why we have introduced an always-on-top fixed status bar with […]
Merging Infrastructure and Traffic Monitoring: Integrating ntopng with Icinga
Icinga2 is an open source monitoring system which checks the availability of hosts and services, notifies users of outages and generates performance data for reporting. Thanks to its scalability and extensibility, it has become very popular (as Nagios successor) and suitable to monitor complex environments, even across multiple locations. Although popular, it falls short when […]
Identifying Suspicious Flows: Network Issues or Misbehaving Hosts ?
Starting from the latest 3.9 version, ntopng features and handy dropdown menu that allows you to filter flows on the basis of their current TCP state. Being able to filter flows on the basis of their TCP state is particularly useful as it allows to separate the normal flows from those that are suspicious or […]