./net/ntopng, Network traffic probe


Branch: CURRENT, Version: 5.2.1nb1, Package name: ntopng-5.2.1nb1, Maintainer: adam

ntopng is the next generation version of the original ntop, a network traffic
probe that shows the network usage, similar to what the popular top Unix
command does. ntopng is based on libpcap and has been written in a portable
way so that it runs on virtually every Unix platform, MacOSX and Windows as
well.

ntopng users can use a web browser to navigate through ntop (that acts as
a web server) traffic information and get a dump of the network status. In
the latter case, ntopng can be seen as a simple RMON-like agent with
an embedded web interface. The use of:

* a web interface.
* limited configuration and administration via the web interface.
* reduced CPU and memory usage (they vary according to network size and traffic)


Required to run:
[www/curl] [databases/rrdtool] [net/GeoIP] [security/gnutls] [security/libgcrypt] [net/zeromq] [databases/redis] [databases/hiredis] [lang/lua53] [net/ndpi] [databases/mysql57-client] [geography/libmaxminddb]

Required to build:
[pkgtools/x11-links] [x11/xcb-proto] [pkgtools/cwrappers] [x11/xorgproto]

Master sites:

Filesize: 58867.212 KB

CVS history:


   2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) | Package updated
Log message:
revbump for textproc/icu update
   2022-03-30 11:46:07 by Thomas Klausner | Files touched by this commit (3)
Log message:
ntopng: patch out unportable test(1) operator to fix build
   2022-03-28 21:32:25 by Adam Ciarcinski | Files touched by this commit (7) | Package updated
Log message:
ntopng: updated to 5.2.1

ntopng 5.2 (February 2022)

Breakthroughs
* New ClickHouse support for storing historical data, replacing nIndex support (data migration available)
* Advanced Historical Flow Explorer, with the ability to define custom queries using JSON-based configurations
* New Historical Data Analysis page (including Score, Applications, Alerts, AS analysis), with the ability to define custom reports with charts
* Enhanced drill down from charts and historical flow data and alerts to PCAP data
* nEdge support for Ubuntu 20
* Enhanced support for Observation Points

Improvements
* Improve CPU utilization and memory footprint
* Improve historical data retention management for flows and timeseries
* Improve periodic activities handling, with support for strict and relaxed (delayed) tasks
* Improve filtering and analysis of the historical flows
* Improve alert explorer and filtering
* Improve Enterprise dashboard look and feel
* Improve the speedtest support and servers selection
* Improve support for ping and continuous ping (ICMP) for active monitoring
* Improve flow-direction handling
* Improve localization (including DE and IT translations)
* Improve IPS policies management
 * Add IPS activities logging (e.g. block, unblock)
* Improve SNMP support
 * Optimize polling of SNMP devices
 * Improve SNMP v3 support
 * Add more information including version
 * Stateful SNMP alert to detect too many MACs on non-trunk
 * Perform fat MIBs poll on average every 15 minutes
 * Add preference to disable polling of SNMP fat MIBs
* Add more information to the historical flow data, including Latency, AS, Observation Points, SNMP interface, Host Pools
* Add detailed view of historical flows and alerts
* Add support for nProbe field L7_INFO
* Add ICMP flood alert
* Add Checks exclusion settings for subnets and for hosts and domains globally
* Add CDP support
* Add more regression tests
* Add support for obsolete client SSH version
* Add support for ERSPAN version 2 (type III)
* Add support for all the new nDPI Flow Risks added in nDPI 4.2
* Add extra info to service and periodicity map hosts
* Add Top Sites check
* REST API
 * Getter for the bridge MIB
 * Getter for LLDP adjacencies
 * Check for BPF filters
 * Score charts timeseries and analysis

Changes
* Encapsulated traffic is accounted for the length of the encapsulated packet and not of the original packet
* Remove nIndex support, including the flow explorer
* Remove MySQL historical flow explorer (export only)
* Hide LDAP password from logs

Fixes
* Fix a few memory leaks, double free, buffer overflow and invalid memory access
* Fix SQLite initialization
* Fix support for fragmented packets
* Fix IP validation in modals
* Fix netplan configuration manager
* Fix blog notifications
* Fix time range picker to support all browsers
* Fix binary application transfer name in alerts
* Fix glitches in chart drag operations
* Fix pools edit/remove
* Fix InfluxDB timeseries export
* Fix ELK memory leak
* Fix TLS version for obsolete TLS alerts when collecting flows
* Fix fields conversion in timeseries charts filters
* Fix some invalid nProbe field mapping
* Fix hosts Geomap
* Fix slow shutdown termination
* Fix wrong Call-ID 0 with RTP streams with no SIP stream associated
* Fix ping support for FreeBSD
* Fix active monitoring interface list
* Fix host names not always shown
* Fix host pools stats
* Fix UTF8 encoding issues in localization tools
* Fix time/timezone in forwarded syslog messages
* Fix unknown process alert
* Fix nil DOM javascript error
* Fix country not always shown in flow alerts
* Fix non-initialized traffic profiles
* Fix traffic profiles not working over ZMQ
* Fix syslog collection
* Fix async SNMP calls blocking the execution
* Fix CPU stats timeseries
* Fix InfluxDB attempts to always re-create retention policies
* Fix REST API ts.lua returning 24h data
* Fix processing of DNS packets under certain conditions
* Fix invalid space in SNMP Hostnames
* Fix REST API incompat. (/get/alert/severity/counters.lua, /get/alert/type/counters.lua)
* Fix map layout not saved correctly
* Fix LLDP topology for Juniper routers
* Fix not authorized error when editing SNMP devices
* Fix double 95perc, splitted avg and 95perc in sent/rcvd in charts
* Fix inconsistent local/remote timeseries
* Fix Risks generation in IPS policy configuration
* Fix deletion of sub-interface
* Fix deadline not honored when monitoring SNMP devices
* Fix traffic profiles on L7 protocols
* Fix TCP connection refused check
* Fix failures when the DB is not reachable
* Fix segfault with View interfaces
* Fix hosts wrongly detected as Local
* Fix missing throughputs in countries

Misc
* Enforces proxy exclusions with env var `no_proxy`
* Move Lua engine to 5.4
* Major code review and cleanup

nEdge
* Add support for Ubuntu 20
* Add ability to logout when using the Captive Portal
* Add per egress interface stats and timeseries
* Add active DHCP leases in UI and REST API
* Add daily/weekly/monthly quotas
* Add service and periodicity maps and alerts
* Fix Captive Portal not working due to invalid allowed interface
* Fix addition of static DHCP leases
* Fix factory reset
* Fix reboot button

ntopng 5.0 (August 2021)

Breakthroughs

* Advanced alerts engine with security features, including the detection of [attackers and victims](https://www.ntop.org/ntopng/how-attackers-and-victims-detection-works-in-ntopng/)
 * Integration of 30+ [nDPI security risks](https://www.ntop.org/ndpi/how-to-spot-unsafe-communications-using-ndpi-flow-risk-score/)
 * Generation of the `score` [indicator of compromise](https://www.ntop.org/ntopng/what-is-score-and-how-it-can-drive-you-towards-network-issues/) for hosts, interfaces and other network elements
* Ability to collect flows from hundreds of routers by means of [observation points](https://www.ntop.org/nprobe/collecting-flows-from-hundred-of-routers-using-observation-points/)
* Anomaly detection based on Double Exponential Smoothing (DES) to uncover possibly suspicious behaviors in the traffic and in the score
* Encrypted Traffic Analysis (ETA) with special emphasis on the TLS to uncover self-signed, expired, invalid certificates and other issues

New features

* Ability to configure alert exclusions for individual hosts to mitigate false positives
* FreeBSD / OPNsense / pfSense [packages](https://packages.ntop.org/)
* Ability to see the TX/RX traffic breakdown both for physical interfaces and when receiving traffic from nProbe
* Add support for ECS when exporting to Syslog
* Improved TCP analysis, including analysis of TCP flows with zero window and low goodput
* Ability to send alerts to Slack
* Implementation of a token-based REST API access

Improvements

* Reworked the execution of hosts and flows checks (formerly user scripts), yielding a reduced CPU load of about 50%
* Improved 100Kfps+ [NetFlow/sFlow collection performance](https://www.ntop.org/nprobe/netflow-collection-performance-using-ntopng-and-nprobe/)
* Drilldown of [nIndex](https://www.ntop.org/guides/ntopng/advanced_features/flows_dump.html#nindex) historical flows much more flexible
* Migration to Bootstrap 5
* Check malicious JA3 signatures against all TLS-based protocols
* Reworked DoH/DoT handling

Fixes

* Fixes SSRF and stored-XSS injected with malicious SSDP responses
* Fixes several leaks in NetworkInterface

Notes

* To ensure optimal performance and scalability and to prevent uneven resource utilization, the maximum number of interfaces handled by a single ntopng instance has been reduced to
 * 16 (Enterprise M)
 * 32 (Enterprise L)
 * 8  (all other versions)
* REST API v1/ is deprecated and will be dropped in the next stable release in favor of REST API v2/
* The old alerts dashboard has been removed and replaced by an advanced alerts drilldown page with integrated charts
   2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063)
Log message:
revbump for icu and libffi
   2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958)
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
   2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962)
Log message:
net: Remove SHA1 hashes for distfiles
   2021-09-29 21:01:31 by Adam Ciarcinski | Files touched by this commit (872)
Log message:
revbump for boost-libs
   2021-06-23 22:33:18 by Nia Alarie | Files touched by this commit (103)
Log message:
Revbump for MySQL default change