Ntopng is the next-generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and it has been written in a portable way in order to run on virtually every Unix platform, MacOSX, and on Windows as well. Ntopng users can use a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntopng can be seen as a simple RMON-like agent with an embedded web interface.

- limited configuration and administration via the web interface
- reduced CPU and memory usage (they vary according to network size and traffic)

- Sort network traffic according to many criteria including IP address, port, L7 protocol, throughput, AS
- Show network traffic and IPv4/v6 active hosts
- Produce long-term reports about various network metrics such as throughput, application protocols
- Top X talkers/listeners, top ASs, top L7 applications
- For each communication flow report network/application latency/RTT, TCP stats (retransmissions, packets OOO, packet lost), bytes/packets
- Store on disk persistent traffic statistics in RRD format
- Geolocate hosts and display reports according to host location
- Discover application protocols by leveraging nDPI, ntop’s DPI framework
- Characterise HTTP traffic by leveraging characterisation services provided by Google and HTTP Blacklist
- Show IP traffic distribution among the various protocols
- Analyse IP traffic and sort it according to the source/destination
- Display IP Traffic Subnet matrix (who’s talking to who?)
- Report IP protocol usage sorted by protocol type
- Produce HTML5/AJAX network traffic statistics

- New ClickHouse support for storing historical data, replacing nIndex support (data migration available)
- Advanced Historical Flow Explorer, with the ability to define custom queries using JSON-based configurations
- New Historical Data Analysis page (including Score, Applications, Alerts, AS analysis), with the ability to define custom reports with charts
- Enhanced drill down from charts and historical flow data and alerts to PCAP data
- Enhanced support for Observation Points

Improvements

- Improve CPU utilization and memory footprint
- Improve historical data retention management for flows and timeseries
- Improve periodic activities handling, with support for strict and relaxed (delayed) tasks
- Improve filtering and analysis of the historical flows
- Improve Enterprise dashboard look and feel
- Improve the speedtest support and servers selection
- Improve support for ping and continuous ping (ICMP) for active monitoring
- Improve localization (including DE and IT translations)
- Stateful SNMP alert to detect too many MACs on non-trunk
- Perform fat MIBs poll on average every 15 minutes
- Add preference to disable polling of SNMP fat MIBs
- Add more information to the historical flow data, including Latency, AS, Observation Points, SNMP interface, Host Pools
- Add detailed view of historical flows and alerts
- Add Checks exclusion settings for subnets and for hosts and domains globally
- Add support for obsolete client SSH version
- Add support for ERSPAN version 2 (type III)
- Add support for all the new nDPI Flow Risks added in nDPI 4.2
- Add extra info to service and periodicity map hosts
- Score charts timeseries and analysis

Changes

- Encapsulated traffic is accounted for the length of the encapsulated packet and not of the original packet
- Remove nIndex support, including the flow explorer
- Remove MySQL historical flow explorer (export only)

- Fix a few memory leaks, double free, buffer overflow and invalid memory access
- Fix time range picker to support all browsers
- Fix binary application transfer name in alerts
- Fix TLS version for obsolete TLS alerts when collecting flows
- Fix fields conversion in timeseries charts filters
- Fix wrong Call-ID 0 with RTP streams with no SIP stream associated
- Fix UTF8 encoding issues in localization tools
- Fix time/timezone in forwarded syslog messages
- Fix country not always shown in flow alerts
- Fix traffic profiles not working over ZMQ
- Fix async SNMP calls blocking the execution
- Fix InfluxDB attempts to always re-create retention policies
- Fix processing of DNS packets under certain conditions
- (/get/alert/severity/a, /get/alert/type/a)
- Fix not authorized error when editing SNMP devices
- Fix double 95perc, split avg and 95perc in sent/rcvd in charts
- Fix inconsistent local/remote timeseries
- Fix Risks generation in IPS policy configuration
- Fix deadline not honored when monitoring SNMP devices
- Fix failures when the DB is not reachable
- Fix missing throughputs in countries

Misc