ntopng Deep Dive with Luca Deri on Software Gone Wild

PF_RING is a great open-source project that enables extremely fast packet processing on x86 servers, so I was more than delighted when Paolo Lucente of the pmacct fame introduced me to Luca Deri, the author of PF_RING.

When we started chatting, we couldn’t resist mentioning ntopng, another open-source project Luca is working on.

As expected, once we started going down that rabbit trail it quickly led us to numerous interesting topics, resulting in Episode 28 of Software Gone Wild:

  • How it all started and why did Luca decide to start the ntop (and PF_RING) project?
  • What is ntopng (next-generation ntop) and why did they rewrite the product?
  • What are nprobe and nbox?
  • The distributed architecture of ntopng, including probes, data sources, collectors, and the central analyzing engine;
  • Combining ntop and elastic search;
  • Why it makes sense to convert all data into JSON format?
  • What are the problems of 40GE packet capture?
  • How can you do high-speed DDoS prevention with ntopng?

Not surprisingly, we never got to PF_RING (but don’t worry about that, it’s already in the recording pipeline ;).

3 comments:

  1. Found another one some weeks ago:
    FastNetMon - high performance DoS/DDoS analyzer with sflow/netflow/mirror support
    https://github.com/FastVPSEestiOu/fastnetmon
    Well, it doesn´t have a "nice webgui" for now
  2. Hi Ivan,

    Actually I wrote a tech article about it last year because I didn't found good documentation about it. So I wrote about how Ntopng is working with nProbe and how to set up a Ntopng box capturing sFlows from every edge of the Network to get some overview.

    Here is the link, I think it is complementary to your work in some way : https://easyipv6.wordpress.com/2014/08/22/how-to-configure-ntopng-for-collecting-sflow-packets/
  3. Here's a great example using ELK and these tools for line rate packet capture: http://www.networkassassin.com/line-rate-flow-capture-to-elk-stack/
Add comment
Sidebar