Smart Network Traffic Recording with ntopng and n2disk

  • Published: 8 May 2023
  • This tutorial introduces the new Smart Network Traffic Recording support available in ntopng and n2disk and shows how to enable, configure and use it.
    Background:
    Continuous network traffic recorders are applications (or appliances) that write network traffic to disk. When something goes wrong (e.g. a security breach or a network outage) they let network and security analysts go back in time and see how the problem originated. The main limitation of this practice is that a lot of data is written to disk even when nothing special is happening on the network. Surveillance cameras evolved to use "motion detection" to trigger recording only when something meaningful happens; this release introduces the same concept for network packet recording. Namely, ntopng and n2disk can now (as a configuration option) record network traffic only when relevant activities are detected (call it "network motion detection" if you wish): less disk space used, more relevant data recorded, and faster data access because irrelevant data is discarded. Unlike camera motion detection, where recording starts only once motion has been detected, smart packet recording uses a mechanism (a technique called "extract on recording") that lets the recording include the traffic captured before the security event was triggered, so analysts can see how everything started rather than only the state once the problem is already in place. Below we show how nDPI/ntopng (and Suricata via ntopng) trigger smart recording; we soon plan to extend this facility to other third-party security applications that can trigger recording in n2disk.
    Blog Post:
    www.ntop.org/announce/introdu...
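The "network motion detection" idea above, as a self-contained simulation added here (this is not ntopng's or n2disk's code, and it says nothing about n2disk's on-disk format, flags or how "extract on recording" is implemented internally): a recorder keeps a rolling in-memory window of recent packets, and when a detection event fires it persists the packets from a pre-trigger window plus everything for a post-trigger window, so the onset of the activity is kept even though the detector only raised the alert some seconds later. The capture, the flow labels and the alert time are constructed sample data; the `pre`/`post` window lengths are hypothetical parameters chosen for the example.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    seq: int      # capture sequence number, used to avoid persisting a packet twice
    ts: float     # capture timestamp in seconds
    size: int     # wire length in bytes
    flow: str     # human-readable flow label (constructed sample data)


class SmartRecorder:
    """Conceptual model: rolling window in memory, persist only around trigger events."""

    def __init__(self, pre_seconds: float, post_seconds: float) -> None:
        self.pre = pre_seconds                      # hypothetical pre-trigger window
        self.post = post_seconds                    # hypothetical post-trigger window
        self.window: Deque[Packet] = deque()        # recent packets, oldest first
        self.retained: List[Packet] = []            # what would reach disk
        self._seen: Set[int] = set()                # seq numbers already persisted
        self._record_until: Optional[float] = None  # end of the open post-trigger window

    def ingest(self, pkt: Packet) -> None:
        # Age out packets that have fallen outside the pre-trigger window.
        while self.window and self.window[0].ts < pkt.ts - self.pre:
            self.window.popleft()
        self.window.append(pkt)
        # While a post-trigger window is open, persist live traffic as it arrives.
        if self._record_until is not None:
            if pkt.ts <= self._record_until:
                self._persist(pkt)
            else:
                self._record_until = None

    def trigger(self, alert_ts: float) -> None:
        """A detector (nDPI/Suricata in the real setup) fired at alert_ts:
        dump the buffered pre-window to disk and keep recording for `post` seconds."""
        for pkt in self.window:
            if alert_ts - self.pre <= pkt.ts <= alert_ts:
                self._persist(pkt)
        end = alert_ts + self.post
        if self._record_until is None or end > self._record_until:
            self._record_until = end

    def _persist(self, pkt: Packet) -> None:
        if pkt.seq not in self._seen:
            self._seen.add(pkt.seq)
            self.retained.append(pkt)

    def bytes_retained(self) -> int:
        return sum(p.size for p in self.retained)


def constructed_capture() -> Tuple[List[Packet], float, float]:
    """Synthetic 60 s capture (constructed): one 1500-byte background packet per
    second, plus a port scan of 60-byte packets that begins at t=20. The detector
    is assumed to raise its alert only at t=25, five seconds after the first scan packet."""
    pkts: List[Packet] = []
    seq = 0
    for t in range(60):
        pkts.append(Packet(seq, float(t), 1500, "10.0.0.5:443>10.0.0.9:51000"))
        seq += 1
        if 20 <= t < 30:
            pkts.append(Packet(seq, t + 0.5, 60, f"198.51.100.7:4444>10.0.0.9:{1000 + t}"))
            seq += 1
    return pkts, 20.0, 25.0


def compare(pre: float = 10.0, post: float = 5.0) -> dict:
    """Replay the capture through the smart recorder and compare with recording everything."""
    pkts, onset_ts, alert_ts = constructed_capture()
    rec = SmartRecorder(pre, post)
    fired = False
    for p in pkts:
        rec.ingest(p)
        if not fired and p.ts >= alert_ts:
            rec.trigger(alert_ts)
            fired = True
    continuous = sum(p.size for p in pkts)
    earliest = min(p.ts for p in rec.retained)
    return {
        "continuous_bytes": continuous,
        "smart_bytes": rec.bytes_retained(),
        "earliest_retained_ts": earliest,
        "onset_ts": onset_ts,
        "onset_captured": earliest <= onset_ts,
    }


if __name__ == "__main__":
    print(compare())
```

With a 10 s pre-window and a 5 s post-window, the recorder keeps only the traffic between t=15 and t=30, yet that still contains the first scan packet at t=20.5, which a recorder that only started at the alert (t=25) would have lost. The caveat the numbers make obvious: the pre-window has to be at least as long as the detector's worst-case latency, otherwise the onset is gone before the trigger arrives.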
