Introducing ntopng 3.0


If you enjoyed ntopng 2.x, we believe you will like 3.0 even more, as we have worked on this release for almost one year. We have changed many things: improved security in ntopng (in these cybersecurity days this is the least we could do), added layer 2 visibility, improved metrics calculations, added alerts support (even on the go), significantly improved the Windows version (yes, Windows 10 is supported out of the box), improved performance, reworked the GUI in many aspects, significantly improved the inline traffic mode, and improved FreeBSD support.

Because many professional users asked us for specific features such as high-speed flow export to databases or improved reports, we have created a new version named ntopng Enterprise that is now part of the ntopng product family (community and professional). You can find all the feature differences across the product editions on the ntopng page. If you are an existing ntopng pro user, you can contact us for upgrade information.

If you are interested in learning more about the 3.0 improvements, you can find the whole changelog below.

Enjoy ntopng!

3.0 Changelog

  • New features
    • Layer-2 Devices
      • MAC devices page
      • Implemented MAC last seen tracking in Redis
      • Manufacturer filter and sort
    • Host pools (logical groups of hosts)
    • Logstash flow export extension
    • Implemented data anonymization: hosts and top sites
    • Implements CPU load average and memory usage
    • Virtual Interfaces
      • ZMQ: disaggregate based on probeIP or ingress interfaceId
      • Packet: disaggregate on VLANId
    • ElasticSearch and MySQL flow export statistics
    • Tiny Flows
    • Alerts
      • Implements alerts on a per-interface per-vlan basis
      • Global alert thresholds for all local hosts/interfaces/local networks
      • LUA alerts generation
      • Adds hosts stateful syn attacks alerts
      • Visualization/Retrieval of Host Alerts
      • Added the ability to generate alerts when ntopng detects traffic produced by malware hosts
      • Slack integration: send alerts to Slack
      • Alerts for anomalous flows
      • Host blacklisted alerts
      • Alerts delete by type, older than, by host
      • SSL certificates mismatch alerts generation
    • Implement SSL/TLS handshake detection
    • Integrated MSDN support
    • Implemented DHCP dissection for name resolution
    • Traffic bridging
      • Per host pool, per host pool member policies
      • Per L7 protocol category policies
      • Flashstart categories to block
      • Time and Traffic quotas
      • Support for Google Safe Search DNS
      • Ability to set custom DNS
    • Captive portal
      • Limited lifetime users
      • Support for PC, Kindle, Android, iPad devices
    • SNMP
      • Periodic SNMP device monitoring and polling
      • Historical SNMP timeseries
      • Host-to-SNMP devices mapping
    • Daily/Weekly/Monthly Traffic Report: per host, interface, network
    • Added ability to define host blacklists
    • DNS flow characterization with FlashStart (www.flashstart.it)
    • Flow LUA scripts: on flow creation, protocol detected, expire
    • Periodic MySQL flows aggregation
    • Batched MySQL flows insertions
    • sFlow device/interface counters
    • Implementation of flow devices stats
  • Improvements
    • Allows web server binding to system ports for non-privileged users
    • Improved VLAN support
    • Improved IPv6 support
    • Implements a script to add users from the command line
    • View interfaces rework
    • Reported number of Layer-2 devices in ntopng footer
    • Preferences re-organization and search
    • Adds RIPE integration for Autonomous Systems
    • Search host by custom name
    • Move to the UTF-8 encoding
    • Make real-time statistics refresh time configurable (footer, dashboard)
    • Adds support for localization (i18n)
    • Traffic bridging: improved stability
    • Traffic profiles: improved stability and data persistence
    • Charts
    • Improved historical graphs
    • Traffic report rework and optimizations
    • Improves the responsiveness and interactivity of historical exploration (ajax)
    • Stacked top hosts
    • Add ZMQ flows/sec graph
    • Profiles graphs
    • Implemented ICMP detailed stats for local hosts
    • ASN graphs: traffic and protocols history
    • ARP requests VS replies sent and received by hosts
    • Implement host TCP flags distribution
    • DNS packets ratio
    • FlashStart category graphs
    • Added ARP protocol in interface statistics
    • SNMP port graphs
  • VoIP (nProbe required)
    • Changes and rework for SIP and RTP protocol
    • Adds VoIP SIP to RTP flow search
    • Improves VoIP visualization (RTP)
  • Security Fixes
    • Disable TLS 1.0 (vulnerable) in mongoose
    • Disabled insecure ciphers in SSL (when using ntopng over SSL)
    • Hardens the code to prevent SQL injections
    • Enforce POST form CSRF to prevent programmer mistakes
    • Strict GET and POST parameters validation to prevent XSS
    • Prevent HTTP splitting attacks
    • Force default admin password change