About ntop – independent network monitoring solutions
ntop is a small independent research and development company that specialises in creating high quality network monitoring software and devices.
It was founded in Italy in 1998, with the aim of developing a simple yet effective web-based traffic monitoring platform.
They have kept their focus on providing powerful yet affordable network monitoring solutions, based on commodity hardware and their own open-source software.
We love their ethos. Highlights include:
- Producing their own ‘home-grown’ solutions to maintain their independence and keep costs under control (avoiding unpredictable licensing fees)
- Offering transparent and stable pricing
- Providing their software free of charge to organisations and individuals that would benefit from but can’t afford it
- Using solar power generated onsite to power their internal systems
Their range now includes software, which is available either as a download or pre-installed on hardware, covering:
- Packet capture
- Traffic recording and replay
- Flow-based traffic analysis and enforcement
- Deep packet inspection
- Distributed denial-of-service (DDoS) mitigation
- Virtual private networks (VPNs)
We offer their full range of software and hardware products, but the ones we most often recommend are their nBox NetFlow/IPFIX and nBox Recorder devices, which come pre-loaded with the relevant ntop software.
nBox NetFlow/IPFIX
nBox NetFlow/IPFIX, often referred to simply as nBox, is an appliance designed to generate, collect and analyse Netflow/IPFIX metadata related to the web traffic passing through a network.
The hardware itself is simple and low-maintenance, with no moving parts and no need for an operating system to run. This makes the devices practical and cost-effective, especially if you need several to monitor a network.
The proprietary software which comes pre-installed is also available to purchase separately. However we highly recommend opting for nBox NetFlow/IPFIX, as the risks and costs are likely to be considerably lower, and your user experience will be far superior.
How does nBox NetFlow/IPFIX work?
There are various models available, however all are built using commodity hardware and come pre-loaded with key ntop software, most notably:
- nProbe, which generates NetFlow/IPFIX metadata
- ntopng, which collects and analyses the metadata
Once the device is installed on the network, you can interact with the on-board software through an intuitive web interface.
The pre-installed software products vary depending on the model. All models can be customised, if needed to suit your exact requirements.
Common use cases for generating NetFlow/IPFIX
Our customers tend to use nBox for:
a) Gaining visibility of the traffic on their networks
b) Determining the root cause of network performance issues
c) Monitoring network traffic for security purposes
Why nBox NetFlow/IPFIX?
- nBox can generate NetFlow or IPFIX metadata independently of other devices on the network.
- Using it can avoid the performance of network devices being impacted by generating their own metadata about the traffic passing through them.
- It overcomes blind spots where devices are unable to generate their own metadata.
- The metrics it generates provide security and application performance insights that may not be available elsewhere.
- Installing nBox on your network will give you a superior user experience compared to buying the ntop software separately and creating a DIY installation.
What are the options?
nBox NetFlow/IPFIX is available as a physical appliance in the following models:
| nBox | Form Factor | Monitoring Capabilities | Monitoring Port Options | Software |
|---|---|---|---|---|
| Entry Level | Desktop | Up 100 Mbit | 2 x 1 Gbit Copper | ntopng |
| Mini | Desktop | Up 500 Kpps | 1 Gbit Copper | nProbe ntopng |
| L | 1U 19" rackmount | Up to 2.5 Mpps | 2 x 1 Gbit Intel ZC Copper 2 x 10 Gbit Intel ZC Fiver SFP+ | PF_RING ZC nProbe Pro ntopng |
| M | 1U 19" rackmount | Up to 6 Mpps | 2 x 1 Gbit Interl ZC Copper 2 x 10 Gbit Intel ZC Fiver SFP+ | PF_RING ZC nProbe Pro ntopng |
| H10 | 1U 19" rackmount | Up to 10 Mpps | 2 x 10 Gbit Intel ZC Fiver SFP+ 4 x 10 Gbit Intel ZC Fiver SFP+ 2 x 40 Gbit Intel ZC Fiver SFP+ | PF_RING ZC nProbe Pro ntopng |
| H10C | 1U 19" rackmount | Up to 14.88 Mpps | 2 x 10 Gbit Intel ZC Fiver SFP+ | PF_RING ZC nProbe Cento ntopng |
| H40C | 1U 19" rackmount | Up to 4x 14.88 Mpps | 4 x 10 Gbit Intel ZC Fiver SFP+ 2 x 40 Gbit Intel ZC Fiver QSFP+ | PF_RING ZC nProbe Cento |
| H100C | 1U 19" rackmount | Over 80 Mpps | 100 Gbit FPGA | PF_RING ZC nProbe Cento |
See the nBox NetFlow/IPFIX product options in our shop.
nBox Recorder
ntop describe nBox Recorder as a continuous packet recorder. It captures full-sized data packets from a live network, at gigabit rate, and writes them into PCAP files.
ntop created it to help users respond proactively to network security threats. By recording all packets, including headers and payload, it makes the network data available so technicians can search for and isolate the packets responsible for a security attack.
How does nBox Recorder work?
nBox Recorder saves packets of network data in PCAP file format on the integrated hard drives.
Filters make it possible to specify which data packets are saved (or ‘dumped’), for example focusing on specific times of day or when traffic exceeds a certain level. Detailed statistics of all the data saved will be recorded.
If an attack occurs, you will then be able to reconstruct specific network activities and analyse them using specialised tools such as those from ntop, Wireshark or Snort.
Common use cases for nBox Recorder
Our customers use nBox Recorder as part of their data security system, to record network data in a format that can later be replayed and analysed, as necessary.
Why nBox Recorder?
nBox recorder effectively makes it possible to go back in time and replay what happened on your network. So if a cybersecurity attack occurs, you can go back through the data and find the packet responsible.
The user-friendly web interface makes it as easy as possible to isolate the cause of the issue so it can be fixed.
What are the options?
nBox Recorder is available as a physical appliance in the following models:
| nBox Recorder | Form Factor | Monitoring port options | Certified dump performance | Storage size | RAID |
|---|---|---|---|---|---|
| R8 | 1U 19" rackmount | 2 x 1 Gbit Intel ZC Copper 2 x 10 Gbit Intel ZC Fiber SFP+ 2 x 10 Gbit FPGA-based adapter with hardware timestamps | 10 Gbit/s 14.88 Mpps | 8 x 1.2 TB | HW RAID |
| R24 | 2U 19" rackmount | 2 x 1 Gbit Intel ZC Copper 2 x 10 Gbit Intel ZC Fiber SFP+ 2 x 10 Gbit FPGA-based adapter with hardware timestamps 4 x 10 Gbit FPGA-based adapter with hardware timestamps 2 x 40 Gbit FPGA-based adapter with hardware timestamps | 2 x 10 Gbit/s (2 x 14.88 Mpps) 2 x 40 Gbit/s (25 Gbit max, regardless of pps) | 24 x 1.2 TB | HW RAID |
R12E| 2U 19" rackmount | 2 x 1 Gbit Intel ZC Copper | 2 x 10 Gbit Intel ZC Fiber SFP+ 2 x 10 Gbit FPGA-based adapter with hardware timestamps 4 x 10 Gbit FPGA-based adapter with hardware timestamps 2 x 40 Gbit FPGA-based adapter with hardware timestamps Up to 40 Gbit/s | (depending on storage configuration) 12 x 6 TB (expandable) | HW RAID |
|
See the nBox Recorder product options in our shop.
Although we highly recommend ntop’s hardware options, we also supply their software for you to install on devices of your choice.
Download the ntop visibility overview.
