• Can ntopng be considered an IDS (Intrusion Detection System) ?

    ntopng is not typically classified as an Intrusion Detection System (IDS) in the traditional sense, but it does have some features that overlap with IDS functionalities. Let me explain the differences and how ntopng might serve a similar role: What is ntopng? ntopng is an open-source network traffic monitoring tool that provides visibility into network […]

  • Introducing Multilanguage AI/LLM Support (beta)

    In order to assist our community with 24/7 support, we have built an AI/LLM-based bot that has been trained on the ntop documentation (all products including ntopng, nProbe, nDPI…) and blog posts on this website. Currently this service is available in beta version and it is accessible using Discord on our ntop server (read here […]

  • HowTo Configure Flow Collection in nProbe and ntopng

    In flow (sFlow/NetFlow/IPFIX) collection, nProbe acts as a “flow processor” for ntopng . nProbe is responsible for sending ntopng flows after they have been processed that includes Collection mode: flow normalization that is the process of converting flows on a format that ntopng can understand. This happens if flow exporter devices (e.g. a router) use […]

  • Using ntopng to Improve Corporate Security

    Today we report how ntopng has been used by Alabus AG to improve the corporate security (German version down this page). Enjoy ! PS. ntop users are very welcome to contact us reporting how they use ntop tools. ntop is used as a basis for analyzing the entire network traffic and it generates a very […]

  • Call for Presentations for ntopConference 2025 is Now Open

    Next year the ntop community will meet in Zürich, Switzerland  for a two days event (training and conference) on May 7 and 8th. As already happened in the past, we want to meet our users and discuss with them what we have done and what are the future directions to take. This event will not […]

  • How First Packet Classification (FPC) Works in nDPI

    Starting with nDPI 4.10, we have introduced a new feature called First Packet Classification (FPC). Goal of this technique is to address one problem of DPI that detects a protocol only when traffic has been dissected. This means that for TLS you need a few packets (usually between 5 and 10) for protocol dissection, as […]

  • Announcing ntop Professional Training: October 2024

    ntop tools range from packet capture, traffic analysis and processing, and sometimes it is not easy to keep up on product updates as well master all the tools. This has been the driving force for organising ntop professional training. This is to announce that in October we have scheduled the next ntop Professional Training session. […]

  • How Historical Flows Replay Works

    ntop users who have enabled ClickHouse, know that they can search/aggregate/export historical flows and create customized reports. However, in the past months some of our users were uncomfortable of this approach as they preferred to seamlessly analyze historical as live data with the full power of ntopng. In the latest ntopng version we have added […]

  • Sept 5th Webinar: What’s new in the latest version of ntopng, nProbe/Cento, nDPI?

    In mid August we have refreshed most ntop tools, that include new features, enhancements and fixes. This webinar will walk through the major release changes and show what you should expect from this new release. Finally we will present developments plans so you can comment and provide feedback. Here you can find the presentation slides, […]

  • Say Hello to ntopng 6.2: Mitre Att&ck, -60% Memory Usage, Historical Flows Replay, Revamped UI, Remediations, Cloud

    We’re happy to announce ntopng 6.2, a 10 months long development cycle. We have changed a few things in the UI and under the hood. Many pages as the flow page have been rewritten from scratch for responsiveness and usability Mitre Att&ck has been integrated in alerts, flow risks and  dashboards.As you can see we […]

Packet Capture

Wire-speed packet capture and transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines. Libpcap support for seamless integration with legacy applications. Remote capture with nTAP.

Traffic Recording

100 Gbit lossless network traffic recording with n2disk. Industry standard PCAP file format with nanosecond resolution. Layer-7 on-the-fly indexing to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay with disk2n.

Network Probe

NetFlow v5/v9/IPFIX data export and collection with nProbe, an extensible probe with plugins support for L7 content inspection. 100 Gbit NetFlow, traffic classification, and packet shunting for IDS and packet-to-disk acceleration with nProbe Cento.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD and Influx format. Full historical data to ClickHouse and big data systems. Layer 7 analysis based on nDPI. Identity Management with Firewalls and Active Directory support.