We have designed the ntop Cloud as a way to securely interconnect customer applications deployed across hosts in heterogeneous environments not necessarily directly interconnected. Initially the goal of ntop Cloud is to enable users to administer easily these applications, update/restart/stop/start them with a mouse click, reconfigure them, and supervise their activities. Future SaaS (software as a service) features are planned but not a short term goals. The idea is to simplify application deployment, check application status regardless of the physical network, detect restarts etc. things tha ..read more

It is a pleasure to report the feedback of Greg, one our many long-time users, who reported on LinkedIn how ntop tools have been used to monitor Caltech traffic. Enjoy ..read more

In late 2023 we have announced the beginning of a new project we have called ntop Cloud. The first goal of this project is to enable ntop applications to communicate regardless of the network topology where they are deployed, This in a secure way. In essence we want to create a new network overlay that allow ntop applications to communicate and share data. Some use cases: Be notified when a ntop application is no longer active or more in general when it changes its status. Implement a public web interface that allows administrators to supervise the operations and setup remote instances with a ..read more

ntop tools range from packet capture, traffic analysis and processing, and sometimes it is not easy to keep up on product updates as well master all the tools. This has been the driving force for organising ntop professional training. This is to announce that in May we have scheduled the next ntop Professional Training session. It will take place online (Microsoft Teams) on 14th, 16th, 21st, 23rd, 28th, 30th of May, 2024 at 3.00 PM CET (9.00 AM EDT). Training will be held in English language and each session lasts 90 minutes. All registered attendees will receive, as part of the training, a li ..read more

In ntopng we have implemented various techniques for analysing historical traffic. This post shows you the options available: In timeseries you can see the current traffic rate (line) or the traffic rate of the previous period of time (dotted). This allows you to visually analyse when traffic deviates from previous period of time (see for instance in the chart below the traffic drop happened at 10 AM). 2. You can trigger interface alerts based on statistical traffic analysis (exponential smoothing) when traffic exceeds (up/down) its baseline. Note that when this happens you can trigger an ..read more

Recently ntopng has been used in academia for detecting DoS (Denial of Service) attacks using NetFlow flows. In this thesis (note that the document it is written in Italian) it is shown how ntopng has been successfully used collect flow and use them to detect DoS attacks. Enjoy ..read more

Despite ntop has implemented rich network metrics over the years, the two most important metrics that people keep asking us are volume (how much) and time (how long).  Timeseries offer a quick view of the traffic and allow people to immediately spot traffic peaks or absence of transmissions. They are good for traffic analysis but are too complex for producing accounting data and comparing usage overtime. For this reason ntopng provides for each local host an additional feature that allows you to see immediately the amount and time that a host has passed online. As shown on the above pic ..read more

As previously announced, we have added a new entry in the nBox product list: the nBox Mini. This is a small rugged device with 1 and 2.5 Gbit Ethernet port designed to be used as turn key solutions for monitoring small-mid size networks (typically up to 255 hosts), it is preconfigured to accept mirrored traffic (e.g. from a span-port) or to act as a bump-in-the-wire (inline) device. It comes with ntopng pre-installed and configured through the nBox user interface.  It can optionally run also nProbe to also collect flows that can be visualised with ntopng. It has a fari amount of memory ..read more

In this blog post we want to shave our experience squeezing ntopng memory usage to fit into small OT monitoring devices manufactured by our partner Endian. Just to give you an idea of the work we did look at these two images taken on the same network at the same time of the day, before and after our work. As you can see we managed to squeeze the memory from 4 GB to 1.3 GB. Below we describe how we did it. The challenge was to reduce memory usage while preserving the same functionalities of ntopng. The ntopng code (and of other ntop components such as nDPI) is automatically tested with nightl ..read more

Dumping sFlow/NetFlow/IPFIX flows in pcap format can be very useful for troubleshooting or for creating a compact traffic dump. For instance you can dump flow traffic with n2disk (wireshark, or tcpdump) and store them in pcap format, and eventually share them with a shared disk or sent via email. Flows are usually analysed live with nProbe/ntopng but how can you analyse them when saved in pcap format and not captured from the wire? The nProbe package includes a companion tool that allows flows to be extracted from a pcap file and reproduced as if they were sent on the wire. Welcome to sendPca ..read more