4.0 Stable

@lucaderi lucaderi released this 29 Mar 16:38

Breakthroughs

  • Plugins engine to tap into flows, hosts and other network elements
  • Migration to Bootstrap 4 and Font Awesome 5 for a renewed ntopng look-and-feel with light and dark themes
  • Process and container monitoring thanks to the eBPF integration via libebpfflow https://github.com/ntop/libebpfflow
  • Active monitoring of host ICMP/ICMPv6/HTTP/HTTPS Round Trip Times (RTT)

New features

  • X.509 client certificate authentication
  • ERSPAN transparent ethernet bridging
  • Webhook export module for exporting alarms
  • Identification of the hosts in the broadcast domain
  • Category Lists editor to manage IP/domain lists
  • Handling of PEN fields from nProbe
  • Added anomalous flows to the looking glass
  • Visibility of IPv4 ICMP port-unreachable flows
  • TCP states filtering (est., connecting, closed and rst)
  • Ability to serialize local hosts in the broadcast domain via MAC address
  • Japanese and Portuguese/Brazilian localization
  • Added process memory, CPU load, InfluxDB and Redis status pages and charts
  • Implemented ntopng plugins, self-contained modules to extend ntopng functionality
  • Implemented ZMQ/Suricata companion interface
  • SSL traffic analysis and alerts via JA3 fingerprint; unsafe cipher detection
  • SSH traffic analysis and alerts via HASSH fingerprint
  • Host traffic profile generation via the Manufacturer Usage Descriptor (MUD)
  • Experimental Prometheus timeseries export
  • Introduced the System interface to manage system-wide settings and status
  • Read events from Suricata and generate alerts
  • SNMP network topology visualization
  • Automatic ntopng update check and upgrade
  • Calculate host anomaly score and trigger alerts when it exceeds a threshold
  • Add ability to extract timeseries data with a click
  • Initial Marketplace droplet using Fabric
  • Alerts on duplex status change on SNMP interface

Improvements

  • View interfaces are now optimized for big networks and use less memory
  • Systemd macros are now used to start/restart the ntopng services
  • Handling of n2disk traffic extractions from recording processes not managed by ntopng
  • Interface in/out now also available for non-PF_RING interfaces (read from /proc)
  • Automatic InfluxDB rollup support
  • MDNS discovery improvements
  • Rework of the alerts engine and API for efficient engaged alerts triggering
  • Faster ZMQ communication to nProbe thanks to the implementation of a binary TLV format
  • Stats update for ZMQ interfaces is now based on the idle/active flows timeout
  • Timeseries export improvements via queues; the export is stopped when InfluxDB is detected to be down
  • Implemented reusable Lua engine to reduce the overhead of periodic scripts
  • Improve Lua error handling
  • Exclude certain categories from Elephant/Long lived flows alerts

nEdge

  • Ability to set up port forwarding
  • Support for Ubuntu 18.04
  • Fixed users and other preferences being deleted during nEdge data reset
  • Japanese localization
  • Block unsupported L3 protocols (currently only ARP and IPv4 are supported)
  • DNS port mapping to avoid conflicts with system programs

Fixes

  • Fixed export to MySQL on shutdown when reading a pcap file in community mode
  • Fixed failing SYN-scan detection
  • Fixed ZMQ decompression errors with large templates
  • Fixed possible XSS in the login.lua referer parameter and in runtime.lua
  • Updated geolocation due to changes in the library usage policy
  • Fixes to support browsers dark mode
  • Option --zmq-encryption-key <pub key> can be used with -I <endpoint> to encrypt data in hierarchical mode
  • Fixed nIndex missing data while performing some queries and throughput calculation