FirstLight is the Premier reseller of all ntop software and hardware nBox products. The ntop project was started in 1998 as an opensource network monitoring tool by Luca Deri. With more than 15 years spent in R&D in the networking world, the ntop team, still lead by the project founder, is now a reference in packet capture and analysis community.
Product families include Network Monitoring Solutions, Linux kernel modules for wire-speed packet capture and transmission and Packet-to-Disk Solutions.
nBox Netflow Hardware Appliance
NetFlowTM v5/v9/IPFIX Probe nBox is a Flow-based network traffic analyzer capable of Cisco NetFlowTM data export and analysis. The ability to characterize IP traffic is critical for network availability, performance and troubleshooting. nBox offers a scalable, manageable and reliable solution to provide the necessary data and information to optimize and troubleshoot your network. nBox includes both a NetFlowTM v5/v9/IPFIX probe (nProbe) and a collector (ntopng).
Which Products Are Right For You?
nBox has been developed on Linux, and thanks to an optimised kernel module (PF_RING) significantly improves the packet capture process on 1 and 10 Gbit networks. nBox is able to monitor network trunks at full speed without the requirement of special and expensive hardware accelerated network card. nBox is easy to set-up and thanks to its embedded and intuitive web GUI it is immediately ready to use with little configuration export. Improvements and/or software updates released by the nBox team are immediately available as upgrade via Internet using a simple web interface.
It can be effectively used
- To analyze NetFlow™ flows generated by your border gateway or, generally, by your NetFlow™ enabled device
- Replace the embedded, low-speed, NetFlowTM probe available on your router
- As a NetFlowTM probe to send flows towards one or more collectors (ntopng or any NetFlowTM/IPFIX collector)
- To analyse full speed Gbit networks trunk with no packet loss and delay
- Both as a probe and collector at the same time
Additional Features
- High-performance embedded NetFlowTM v5/v9/IPFIX probe.
- Embedded NetFlowTM v5/v9/IPFIX collector.
- IPv4, IPv6, MPLS, GTP, GRE support. Easy to setup and configure.
- No additional delay in both mirrored traffic and existing network.
- User friendly web GUI for nProbe and ntopng.
- Multiple collector mode for load balancing or redundancy.
- Firmware and packages upgrade via Internet.
- All software reside on flash disk.
- Optional Hard-disk for permanent storing of traffic flows.
- Ability to dump NetFlowTM flows on-disk or on Database Server.
- Over 130+ Application protocols recognized by DPI library including email, messaging, P2P, Skype, Citrix.
nBox_L_S1GC
- Half Depth 1U 19” rackmount server
- Up to 2.5 Mpps
- Fixed 200W PSU with NEMA-15P (US) cord included
- 2 x (10/100/1g) Onboard Mgmt Ports
- 1 x ssd boot drive
- 1 x Dual Port 1Gbit Copper card
- 2 x 1 Gbit PF_Ring ZC Intel (per port) license
- 1 x ntopng Pro license
- 1 x nProbe Pro with Plugin Support license
- 1 year hardware warranty: 3-5 business days replacement
nBox_H10_D1GC
- 1U 19” rackmount server
- Up to 14.88 Mpps
- Fixed 350W PSU w/ NEMA-15P (US) cord included
- 2 x (10/100/1g) Onboard Mgmt Ports
- 1 x ssd boot drive
- 1 x Dual Port 1Gbit Copper card
- 2 x 1 Gbit PF_Ring ZC Intel (per port) license
- 1 x ntopng Pro license
- 1 x nProbe Pro with Plugin Support license
- 1 year hardware warranty: 3-5 business days replacement
nBox_H10_D10GF
- 1U 19” rackmount server
- Up to 14.88 Mpps
- Fixed 350W PSU w/ NEMA-15P (US) cord included
- 2 x (10/100/1g) Onboard Mgmt Ports
- 1 x ssd boot drive
- 1 x Dual Port 10Gbit Fiber SFP+ with Short range optics (SR) card
- 2 x 10/40 Gbit PF_Ring ZC Intel (per port) license
- 1 x ntopng Pro license
- 1 x nProbe Pro with Plugin Support license
- 1 year hardware warranty: 3-5 business days replacement
nBox Recorder Hardware Appliance
High-speed network packet recording system nBox Recorder is a network recorder application. With nBox Recorder you can capture full-sized network packets at gigabit rate from a live network interface and write them into files. It has been designed and developed mainly because most network security systems rely on capturing all packets (headers and payload), since any packets may have been responsible for the attack or could contain the problems that we are trying to find. nBox Recorder uses the industry standard PCAP file format to dump packets into files so the resulting output can be easily integrated with existing third party or even open-source analysis tools like ntop, Wireshark. or Snort.
Modern data networks keep growing and growing in terms of speed. In a few years data throughput increased from 100 Mbit/s to 10 Gbit/s, reaching multi-10 Gbit/speed. This has caused network trac recording activity a challenging experience. In this scenario ntop decided to enclose all the developed technology into a single network appliance: nBox Recorder. Recording configuration, management and packets retrieval can be performed just using the web interface. Also pcap file analysis can be performed directly on the web interface allowing users to display captured pcap or search result straight on the web browser.
Popular nBox Units
Recorder-2x1G Copper-1TB
- Half Depth 1U 19” rackmount server
- Up to 1 Gbit/sec
- Fixed 200W PSU w/ NEMA-15P (US) cord included
- 2 x (10/100/1g) Onboard Mgmt Ports
- 1 x ssd boot drive – and – 1 x 1TB drive
- 1 x Dual Port 1Gbit Copper card
- 1 x 1 Gbit PF_Ring ZC Intel (per port) license
- 1 x ntopng Pro license
- 1 x n2disk 1Gbit license
- 1 year hardware warranty: 3-5 business days replacement
Recorder-2x1G Copper-4TB
- 1U 19” rackmount
- Up to 5 Gbit/sec
- Fixed 350W PSU w/ NEMA-15P (US) cord included
- 2 x (10/100/1g) Onboard Mgmt Ports
- 1 x RAID CARD
- 1 x SSD Boot Drive
- 4 x 1TB Drives
- 1 x Dual Port 1Gbit Copper card
- 2 x 1 Gbit PF_Ring ZC Intel (per port) license
- 1 x ntopng Pro license
- 1 x n2disk 1Gbit license
- 1 year hardware warranty: 3-5 business days replacement
Recorder-2x10G Fiber-8TBUp to 10 Gbit/sec
- Hot Swap 450W PSU w/ NEMA-15P (US) cord included
- 2 x (10/100/1g) Onboard Mgmt Ports
- 1 x RAID CARD
- 2 x ssd redundant boot drive – and – 8 x 1TB
- 2 x Dual Port 10Gbit Fiber SFP+ with
- Short range optics (SR) card
- 2 x 10/40 Gbit PF_Ring ZC Intel (per port) license
- 1 x ntopng Enterprise license
- 1 x n2disk 10/40Gbit license
- 1 year hardware warranty: 3-5 business days replacement
Recorder-2x10GC-4x1GC-8T
- 2U 19” rackmount
- Up to 10 Gbit/sec
- Hot Swap 450W PSU w/ NEMA-15P (US) cord included
- 2 x (10/100/1g) Onboard Mgmt Ports
- 1 x RAID CARD
- 2 x ssd redundant boot drive – and – 8 x 1TB
- 1 x Quad Port 1Gbit Copper card
- 1 x Dual Port 10Gbit Copper card
- 4 x 1 Gbit PF_Ring ZC Intel (per port) license
- 2 x 10/40 Gbit PF_Ring ZC Intel (per port) license
- 1 x ntopng Enterprise license
- 1 x n2disk 10/40Gbit license
- 1 year hardware warranty: 3-5 business days replacement
- free ground shipping in the US
nProbe Software
Much more than a simple NetFlow probe. nProbe can be a probe, probe+collector, collector, or a proxy. In proxy mode you can convert from/to IPFIX/NetFlow v5/v9 in order to smoothly upgrade to newer netflow protocol versions while capitalizing on previous protocol versions. So you can for instance convert flows coming from your v5 router into IPFIX and vice-versa.
- Available for Unix (including MacOS X and Solaris), Windows, and embedded environments.
- Added layer 7 application visibility (including Skype, BitTorrent, Citrix….).
- NetFlow v9/IPFIX support for efficient flow handling.
- Full IPFIX support: PEN (Private Enterprise Numbers) and Variable length encoding.
- Added Cisco NetFlow-Lite support (as of version 6.5).
- Support for IPv4 and v6.
- Ability to natively save flows into MySQL and SQLite, as well as text and binary.
- Native PF_RING support for high speed flow generation (nProbe™ Pro Unix and above).
- Ability to act as flow collector and proxy. All combinations are supported
- Ability to collect sFlow flows and turn them into flows (v5/v9/IPFIX).
- Support of detect protocols via DPI (deep packet inspection) and report protocol name in flows for precise collector protocol accounting
- Ability to forge NetFlow interfaceIds based on MAC/IP addresses.
- Collection of Cisco ASA flows and conversion in ‘standard’ flows.
- Support of tunneled (including GRE, PPP and GTP) traffic and ability to export in flows inner/outer envelope/packet information.
- Support of both flow and packet sampling.
- Support of Flexible Netflow: create your netflow templates, now with PEN support.
- ntop can be used as collector and analyzer for NetFlow v5/v9/IPFIX flows such as those generated by nProbe™ and commercial routers.
Generic packet header-based traffic monitoring is no longer enough. Network administrators need to pin-point problems, understand bottlenecks but in particular to know exactly what is the cause of a certain problem. For this reason it is now necessary to inspect specific protocols in order to understand what’s happened. nProbe™ currently features HTTP, Oracle and MySQL that in addition to exporting information via NetFlow, it also allows administrators to create log of activities that can help understanding what’s really happening on the network.
- Additional nProbe Plugins
- MySQL Plugin [Unix/Win32] – Decodes (unencrypted) MySQL traffic, and produce a log of SQL requests/responses along with performance indicators.
- IMAP/SMTP/POP Plugins [Unix/Win32] – Email plugins for decoding (unencrypted) email traffic and generate flows and logs of email activities.
- SIP/RTP Plugins [Unix/Win32] – Plugins for decoding VoIP (Voice over IP) traffic and producing call log, and voice information (jitter and packet loss).
- Oracle Plugin [Unix/Win32] – Similar to MySQL plugin, just for Oracle databases.
- HTTP Plugin [Unix/Win32] – Decode HTTP traffic and HTTPS certificates. It can generate a comprehensive log of HTTP traffic, including page download and network/server delay. Microcloud friendly.
- DNS Plugin [Unix/Win32] – Decodes DNS traffic, and produce a log of main domain name resolution activities. Microcloud friendly.
- NetFlow-Lite Plugin [Unix] – Plugin for collecting NetFlow-Lite traffic sent by some Cisco switches.
- GTPv1 Plugin [Unix/Win32] – Plugin for decoding GTPv1-C (2G and 3G networks) signalling and producing comprehensive mobile user and traffic tracking. Microcloud friendly. Available only in binary format.
- GTPv2 Plugin [Unix/Win32] – Same as GTPv1 plugin, just for v2 protocol version used in LTE (Long Term Evolution) mobile networks.
- Radius Plugin [Unix/Win32] – Plugin decoding Radius traffic including 3GPP extensions for mobile networks. Microcloud friendly.
- View Product
PF_Ring Software
High-speed packet capture, filtering and analysis. PF_RING™ is a new type of network socket that dramatically improves the packet capture speed, and that’s characterized by the following properties:
- Available for Linux kernels 2.6.32 and newer.
- No need to patch the kernel: just load the kernel modules.
- PF_RING™-aware drivers for increased packet capture acceleration.
- 10 Gbit Hardware Packet Filtering using commodity network adapters
- User-space DNA (Direct NIC Access) drivers for extreme packet capture/transmission speed as the NIC NPU (Network Process Unit) is pushing/getting packets to/from userland without any kernel intervention. Using the 10Gbit DNA driver you can send/received at wire-speed at any packet sizes.
- Libzero for DNAfor distributing packets in zero-copy across threads and applications.
ntopng Software
ntopng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Windows as well.
ntopng users can use a a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntopng can be seen as a simple RMON-like agent with an embedded web interface.
The Community edition is the standard ntopng that you can use free of charge and that implements a robust and easy to use web-based traffic monitoring application. The Professional edition is an enhanced version of ntopng that includes modern reports and many new features listed below on this article. This edition is available at a small cost to better serve the ntop community.
Community Edition
- Added ability to aggregate traffic from various network interfaces on the same interface view while keeping interface traffic split. Example ntopng -i eth1, -i eth2 -i view:eth1,eth2
- Hardened the code to support mid/large organisations and high traffic volumes, as well for operating on hosts with little memory
- Added flow TCP traffic statistics (packets retransmitted, lost, and out of order)
- Ability to sniff from netfilter interface
- Integration of ntopng with nagios: you can now create nagios plugins to query ntopng and thus emit alerts based not traffic conditions
- Added ability to fine-tune RRD configurations
- Ability to work behind an HTTP reverse proxy
- Enhanced host GeoIP location
- Added per-network RRDs
- Added ability to dump specific traffic (e.g. of a selected host) or when specific traffic conditions arise (e.g. too much traffic) on a tap interface and attach applications such as Wireshark/tcpdump to it. Similarly added ability to dump traffic to disk in pcap format
- Added ability to send data in Lua using UDP (for instance you can use it for exporting metrics to Graphite)
- Moved the code to GitHub for easier collaboration
- Added support for the latest nDPI that includes support for various new protocols (e.g. QUIC) and new versions of existing ones (e.g. Skype). nDPI is also used to drop application traffic in the professional noting edition
- Added network latency in flows (server vs client network latency)
- Enhanced host alerts (including traffic quotas) and added interface alerts. You can now for instance generate traffic alerts when an interface has too much traffic or if a host has passed its daily traffic quota
- Alerts are now generated when ntopng detects a flooder or a network scanner (as well when accessing malware sites [-c plugin])
- Ability to categorise malware (-c option) using the Google Safe Browsing API that replaces the block.si service present in ntopng 1.x
- Added ability to generate a traffic report for all hosted HTTP servers (on local networks): ISPs can now create a hourly report of all the thousand of servers they are hosting
- Enhanced the ElasticSearch export facility to cope with latest additions such as host geolocation
- Added reports per AS, geo-location, network, HTTP servers
- ntopng can now be queried via HTTP tools such as curl or wget with authentication enabled
- Added HTTP virtual hosts support in HTML reports
Professional Edition
- Dynamic dashboard that includes a realtime view of traffic
- Ability to operate in inline mode and thus implement a layer-7 firewall (even on low-end embedded boxes) and traffic shaper (drop traffic that matches certian protocols)
- Per-minute accurate reports (in JSON format) of top X activities so that users can use them to generate further traffic reports in addition to all those included in the pro version
- PDF-printable reports including top hosts/activities/protocols
- Graphs now rendered in a pretty way with zoomable (in and out) drill-down facility
- Added SNMP support for visualising MIB-II host information through the ntopng web interface
ntop integrates with CloudShark
ntop n2disk Line Rate Packet Recorder is a diverse company with solutions for network monitoring, VPN, as well as packet-to-disk and wire-speed packet capture and transmission. These solutions, including n2disk, allow you to capture at multi-Gigabit rates on a live network interface without packet loss. With n2disk’s CloudShark integration, you can view those captures immediately, right in your browser.