net/ntopng, Network traffic probe
Branch: CURRENT, Version: 5.2.1nb1, Package name: ntopng-5.2.1nb1, Maintainer: adam
ntopng is the next generation version of the original ntop, a network traffic
probe that shows the network usage, similar to what the popular top Unix
command does. ntopng is based on libpcap and it has been written in a portable
way in order to run on virtually every Unix platform, MacOSX and on Windows as
well.
ntopng users can use a web browser to navigate through ntop (that acts as
a web server) traffic information and get a dump of the network status. In
the latter case, ntopng can be seen as a simple RMON-like agent with
an embedded web interface. The use of:
* a web interface.
* limited configuration and administration via the web interface.
* reduced CPU and memory usage (they vary according to network size and traffic)
Required to run: [www/curl] [databases/rrdtool] [net/GeoIP] [security/gnutls] [security/libgcrypt] [net/zeromq] [databases/redis] [databases/hiredis] [lang/lua53] [net/ndpi] [databases/mysql57-client] [geography/libmaxminddb]
Required to build: [pkgtools/x11-links] [x11/xcb-proto] [pkgtools/cwrappers] [x11/xorgproto]
Master sites:
Filesize: 58867.212 KB
Version history:
- (2022-04-20) Updated to version: ntopng-5.2.1nb1
- (2022-03-29) Updated to version: ntopng-5.2.1
- (2021-12-08) Updated to version: ntopng-4.2nb3
- (2021-09-29) Updated to version: ntopng-4.2nb2
- (2021-06-24) Updated to version: ntopng-4.2nb1
- (2021-05-14) Updated to version: ntopng-4.0nb6
CVS history:
2022-04-18 21:12:27 by Adam Ciarcinski | Files touched by this commit (1798) |  |
Log message:
revbump for textproc/icu update
|
2022-03-30 11:46:07 by Thomas Klausner | Files touched by this commit (3) |
Log message:
ntopng: patch out unportable test(1) operator to fix build
|
2022-03-28 21:32:25 by Adam Ciarcinski | Files touched by this commit (7) |  |
Log message:
ntopng: updated to 5.2.1
ntopng 5.2 (February 2022)
Breakthroughs
* New ClickHouse support for storing historical data, replacing nIndex support (data migration available)
* Advanced Historical Flow Explorer, with the ability to define custom queries using JSON-based configurations
* New Historical Data Analysis page (including Score, Applications, Alerts, AS analysis), with the ability to define custom reports with charts
* Enhanced drill down from charts and historical flow data and alerts to PCAP data
* nEdge support for Ubuntu 20
* Enhanced support for Observation Points
Improvements
* Improve CPU utilization and memory footprint
* Improve historical data retention management for flows and timeseries
* Improve periodic activities handling, with support for strict and relaxed (delayed) tasks
* Improve filtering and analysis of the historical flows
* Improve alert explorer and filtering
* Improve Enterprise dashboard look and feel
* Improve the speedtest support and servers selection
* Improve support for ping and continuous ping (ICMP) for active monitoring
* Improve flow-direction handling
* Improve localization (including DE and IT translations)
* Improve IPS policies management
* Add IPS activities logging (e.g. block, unblock)
* Improve SNMP support
* Optimize polling of SNMP devices
* Improve SNMP v3 support
* Add more information including version
* Stateful SNMP alert to detect too many MACs on non-trunk
* Perform fat MIBs poll on average every 15 minutes
* Add preference to disable polling of SNMP fat MIBs
* Add more information to the historical flow data, including Latency, AS, Observation Points, SNMP interface, Host Pools
* Add detailed view of historical flows and alerts
* Add support for nProbe field L7_INFO
* Add ICMP flood alert
* Add Checks exclusion settings for subnets and for hosts and domains globally
* Add CDP support
* Add more regression tests
* Add support for obsolete client SSH version
* Add support for ERSPAN version 2 (type III)
* Add support for all the new nDPI Flow Risks added in nDPI 4.2
* Add extra info to service and periodicity map hosts
* Add Top Sites check
* REST API
* Getter for the bridge MIB
* Getter for LLDP adjacencies
* Check for BPF filters
* Score charts timeseries and analysis
Changes
* Encapsulated traffic is accounted for the length of the encapsulated packet and not of the original packet
* Remove nIndex support, including the flow explorer
* Remove MySQL historical flow explorer (export only)
* Hide LDAP password from logs
Fixes
* Fix a few memory leaks, double free, buffer overflow and invalid memory access
* Fix SQLite initialization
* Fix support for fragmented packets
* Fix IP validation in modals
* Fix netplan configuration manager
* Fix blog notifications
* Fix time range picker to support all browsers
* Fix binary application transfer name in alerts
* Fix glitches in chart drag operations
* Fix pools edit/remove
* Fix InfluxDB timeseries export
* Fix ELK memory leak
* Fix TLS version for obsolete TLS alerts when collecting flows
* Fix fields conversion in timeseries charts filters
* Fix some invalid nProbe field mapping
* Fix hosts Geomap
* Fix slow shutdown termination
* Fix wrong Call-ID 0 with RTP streams with no SIP stream associated
* Fix ping support for FreeBSD
* Fix active monitoring interface list
* Fix host names not always shown
* Fix host pools stats
* Fix UTF8 encoding issues in localization tools
* Fix time/timezone in forwarded syslog messages
* Fix unknown process alert
* Fix nil DOM javascript error
* Fix country not always shown in flow alerts
* Fix non-initialized traffic profiles
* Fix traffic profiles not working over ZMQ
* Fix syslog collection
* Fix async SNMP calls blocking the execution
* Fix CPU stats timeseries
* Fix InfluxDB attempts to always re-create retention policies
* Fix REST API ts.lua returning 24h data
* Fix processing of DNS packets under certain conditions
* Fix invalid space in SNMP Hostnames
* Fix REST API incompat. (/get/alert/severity/counters.lua, /get/alert/type/counters.lua)
* Fix map layout not saved correctly
* Fix LLDP topology for Juniper routers
* Fix not authorized error when editing SNMP devices
* Fix double 95perc, split avg and 95perc in sent/rcvd in charts
* Fix inconsistent local/remote timeseries
* Fix Risks generation in IPS policy configuration
* Fix deletion of sub-interface
* Fix deadline not honored when monitoring SNMP devices
* Fix traffic profiles on L7 protocols
* Fix TCP connection refused check
* Fix failures when the DB is not reachable
* Fix segfault with View interfaces
* Fix hosts wrongly detected as Local
* Fix missing throughputs in countries
Misc
* Enforces proxy exclusions with env var `no_proxy`
* Move Lua engine to 5.4
* Major code review and cleanup
nEdge
* Add support for Ubuntu 20
* Add ability to logout when using the Captive Portal
* Add per egress interface stats and timeseries
* Add active DHCP leases in UI and REST API
* Add daily/weekly/monthly quotas
* Add service and periodicity maps and alerts
* Fix Captive Portal not working due to invalid allowed interface
* Fix addition of static DHCP leases
* Fix factory reset
* Fix reboot button
ntopng 5.0 (August 2021)
Breakthroughs
* Advanced alerts engine with security features, including the detection of [attackers and victims](https://www.ntop.org/ntopng/how-attackers-and-victims-detection-works-in-ntopng/)
* Integration of 30+ [nDPI security risks](https://www.ntop.org/ndpi/how-to-spot-unsafe-communications-using-ndpi-flow-risk-score/)
* Generation of the `score` [indicator of compromise](https://www.ntop.org/ntopng/what-is-score-and-how-it-can-drive-you-towards-network-issues/) for hosts, interfaces and other network elements
* Ability to collect flows from hundreds of routers by means of [observation points](https://www.ntop.org/nprobe/collecting-flows-from-hundred-of-routers-using-observation-points/)
* Anomaly detection based on Double Exponential Smoothing (DES) to uncover possibly suspicious behaviors in the traffic and in the score
* Encrypted Traffic Analysis (ETA) with special emphasis on the TLS to uncover self-signed, expired, invalid certificates and other issues
New features
* Ability to configure alert exclusions for individual hosts to mitigate false positives
* FreeBSD / OPNsense / pfSense [packages](https://packages.ntop.org/)
* Ability to see the TX/RX traffic breakdown both for physical interfaces and when receiving traffic from nProbe
* Add support for ECS when exporting to Syslog
* Improved TCP analysis, including analysis of TCP flows with zero window and low goodput
* Ability to send alerts to Slack
* Implementation of a token-based REST API access
Improvements
* Reworked the execution of hosts and flows checks (formerly user scripts), yielding a reduced CPU load of about 50%
* Improved 100Kfps+ [NetFlow/sFlow collection performance](https://www.ntop.org/nprobe/netflow-collection-performance-using-ntopng-and-nprobe/)
* Drilldown of [nIndex](https://www.ntop.org/guides/ntopng/advanced_features/flows_dump.html#nindex) historical flows much more flexible
* Migration to Bootstrap 5
* Check malicious JA3 signatures against all TLS-based protocols
* Reworked DoH/DoT handling
Fixes
* Fixes SSRF and stored-XSS injected with malicious SSDP responses
* Fixes several leaks in NetworkInterface
Notes
* To ensure optimal performance and scalability and to prevent uneven resource utilization, the maximum number of interfaces handled by a single ntopng instance has been reduced to
  * 16 (Enterprise M)
  * 32 (Enterprise L)
  * 8 (all other versions)
* REST API v1/ is deprecated and will be dropped in the next stable release in favor of REST API v2/
* The old alerts dashboard has been removed and replaced by an advanced alerts drilldown page with integrated charts
|
2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063) |
Log message:
revbump for icu and libffi
|
2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958) |
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
|
2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962) |
Log message:
net: Remove SHA1 hashes for distfiles
|
2021-09-29 21:01:31 by Adam Ciarcinski | Files touched by this commit (872) |
Log message:
revbump for boost-libs
|
2021-06-23 22:33:18 by Nia Alarie | Files touched by this commit (103) |
Log message:
Revbump for MySQL default change
|