Blog Entries

15. 06. 2022 Giovanni Davide Saccá Unified Monitoring

Into the Flows: Collecting Data with nProbe and nTop

The role of these two components is pretty clear: nProbe has the role of collecting traffic data, while nTop makes that data visible and easily analyzable. There is something, however, that needs to be explicitly stated, which is to decide whether it’s ntopng that should contact nProbe or vice versa, and as we’re in a…

Read More
14. 06. 2022 Giovanni Davide Saccá NetEye, Unified Monitoring

nTop and nDPI: How to Increase Network Traffic Analysis

nTop now uses the nDPI (network deep packet inspection) library to classify packets within network traffic for those protocols that either do not use a standard port (defined as well known ports like https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers and https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml) or that are dynamically assigned. In any case the need to classify not only the packet header but also…

Read More
02. 11. 2021 Giovanni Davide Saccá NetEye, Unified Monitoring

nBox to NetEye Elastic Module

A customer asked me to analyze their network flows, with a solution oriented towards using an nBox that collects NetFlow data from a router located away from the branch office, takes it in for analysis, and then sends it to a NetEye Elastic module, which act as an analysis console for that NetFlow data. The…

Read More
11. 10. 2021 Giovanni Davide Saccá NetEye, Unified Monitoring

Distributed, Multi-Instance nProbe: NetFlow Analysis

A client with a really large number of routers installed at their client asked me one day to analyze each of those network flows. They hoped that an analysis tool would be able to discover and impose a multitenant configuration all on its own, so that access could be granted to final users while guaranteeing…

Read More
05. 10. 2021 Giovanni Davide Saccá NetEye, Unified Monitoring

nProbe and nTop All-in-One (Single Node): Netflows Analysis

One of my clients with a number of routers installed at their own remote location asked me if I could analyze the network flows at multiple locations. Their network architecture is a full mesh, and thus has private subnetworks, data center environments, and even in some cases cloud providers. Complex architectures like this require increasing…

Read More

Archive