ntop’s Complete Product Lineup

TruePath is the Premiere reseller of all ntop software and hardware nBox products.The ntop project was started in 1998 as an opensource network monitoring tool by Luca Deri. With more than 15 year spent in R&D in the networking world, the ntop team, still lead by the project founder, is now a reference in packet capture and analysis community.

ntop Product Brochure

Product families include Network Monitoring Solutions, Linux kernel modules for wire-speed packet capture and transmission and Packet-to-Disk Solutions

Or drop us a line for questions, demos and pricing


ntop Software Online Ordering

10/40 Gbit PF_RING ZC Intel [Linux]PF_RING ZC license (per MAC address) for 10/40/100 Gbit Intel adapters. It includes 5 days …$175.00
nProbe Standard License (Linux/Win)NetFlow v5/v9/IPFIX traffic probe/collector/proxy Standard (no plugin support). Permanent license. This includes 5 days installation …$172.00 172
ntopng Pro Linux/Win (x64)License for enabling ntopng Pro (Small Business Edition) Linux/Win (x64). 1 year license. This includes …$172.00
nProbe Pro with PF_RING/Plugin SupportNetFlow v5/v9/IPFIX traffic probe Pro with PF_RING/plugin support. Permanent license. Includes 5 days installation support …$399.00 399
ntopng Enterprise Linux/Win (x64)License for enabling ntopng Enterprise Linux/Win (x64). It includes 5 days installation support and one …$572.00
nScrub S [Linux]nScrub S license. It includes 5 days installation support and one year of updates. Per …$1,144.00
nScrub M [Linux]nScrub M license. It includes 5 days installation support and one year of updates. Per …$1,717.00
nScrub L [Linux]nScrub L license. It includes 5 days installation support and one year of updates. Per …$2,289.00
nProbe Cento XL [Linux]nProbe Cento XL: permanent license. It includes 5 days installation support and one year of …$3,433.00
nProbe Cento L [Linux]nProbe Cento L: permanent license. It includes 5 days installation support and one year of …$2,289.00
nProbe Cento M [Linux]nProbe Cento M: permanent license. It includes 5 days installation support and one year of …$1,144.00
nProbe Cento S [Linux]nProbe Cento S: permanent license. It includes 5 days installation support and one year of …$572.00
Upgrade nProbe Standard to Pro [Linux/Win]Upgrade nProbe Standard to Pro: permanent license. It includes 5 days installation support and one …$172.00
Upgrade ntopng Pro to Enterprise Linux/Win (x64)License for upgrading ntopng from Pro to Enterprise Linux/Win (x64). It includes 5 days installation …$401.00
1 Gbit PF_RING ZC Intel [Linux]PF_RING ZC license (per MAC address) for 1 Gbit Intel adapters. It includes 5 days …$57.00
n2disk for nProbe Cento [Linux]n2disk license able to work with nProbe Cento (no capture from network interface). It includes …$1,144.00
n2disk 5 Gbit [Linux]n2disk able to dump on disk up to 5 Gbit. It includes installation support and …$2,861.00
n2disk 10/40G [Linux]n2disk able to dump on disk up to 10 Gbit (Intel) and 40 Gbit (Napatech/Silicom). …$3,999.00
disk2n [Linux]Reproduce multi pcap (up to TB) files at 10G line rate. It includes 5 days …$799.00
n2disk 1G [Linux]n2disk able to dump on disk up to 1 Gbit. It includes 5 days installation …$1,717.00
10 Gbit PF_RING ZC Myricom [Linux]PF_RING ZC license (per MAC address) for 10 Gbit CSPI/Myricom adapters. It includes 5 days …$114.00
PF_RING ZC Napatech/Fiberblaze/Endace [Linux]PF_RING ZC license (per NIC) for Napatech/Endace/Fiberblaze adapters 1/10/40/100 Gbit adapters. It includes 5 days …$286.00
ntopng Pro Embedded (ARM) [Linux]License for enabling ntopng Pro Embedded (ARM). It includes 5 days installation support and one …$57.00
nProbe Embedded (ARM) [Linux]NetFlow v5/v9/IPFIX traffic probe/collector/proxy Embedded: permanent license. It includes 5 days installation support and one …$57.00

nBox Netflow

NetFlowTM v5/v9/IPFIX Probe nBox is a Flow-based network traffic analyzer capable of Cisco NetFlowTM data export and analysis. The ability to characterize IP traffic is critical for network availability, performance and troubleshooting. nBox offers a scalable, manageable and reliable solution to provide the necessary data and information to optimize and troubleshoot your network. nBox includes both a NetFlowTM v5/v9/IPFIX probe (nProbe) and a collector (ntopng).

  • It can be effectively used:
  • to analyse NetFlowTM flows generated by your border gateway or, generally, by your NetFlowTM enabled device
  • to replace the embedded, low-speed, NetFlowTM probe available on your router
  • as a NetFlowTM probe to send flows towards one or more collectors (ntopng or any NetFlowTM/IPFIX collector)
  • both as a probe and collector at the same time
  • to analyse full speed Gbit networks trunk with no packet loss and delay

nBox Brochure

nBox has been developed on Linux, and thanks to an optimised kernel module (PF_RING) significantly improves the packet capture process on 1 and 10 Gbit networks. nBox is able to monitor network trunks at full speed without the requirement of special and expensive hardware accelerated network card. nBox is easy to set-up and thanks to its embedded and intuitive web GUI it is immediately ready to use with little configuration export. Improvements and/or software updates released by the nBox team are immediately available as upgrade via Internet using a simple web interface.

  • Key Features
  • High-performance embedded NetFlowTM v5/v9/IPFIX probe.
  • Embedded NetFlowTM v5/v9/IPFIX collector.
  • IPv4, IPv6, MPLS, GTP, GRE support. Easy to setup and configure.
  • No additional delay in both mirrored traffc and existing network.
  • User friendly web GUI for nProbe and ntopng.
  • Multiple collector mode for load balancing or redundancy.
  • Firmware and packages upgrade via Internet .
  • All software reside on flash disk.
  • Optional Hard-disk for permanent storing of traffic flows.
  • Ability to dump NetFlowTM flows on-disk or on Database Server.
  • Over 130+ Application protocols recognised by DPI library including email, messaging, P2P, Skype, Citrix.

Drop us a line for questions, demos and pricing




  • nBox_L
  • Designed to support up to 50,000 concurrent flows (500 Mbit capable).
  • 1U 19″ rackmount nBox
  • One management port (Gigabit Copper)
  • One monitoring port (Gigabit Copper)
  • nProbe Pro license for 2 monitoring ports
  • DNA Software license
  • Dimensions H 43; W 427; D 356 mm
  • nBox_H
  • Designed to support up to 100,000 concurrent flows (Gbit capable).
  • 1U 19″ rackmount nBox
  • High-end system
  • Two management ports (1 Gigabit Copper)
  • Two monitoring port (1 Gigabit Copper)
  • nProbe Pro license for 2 monitoring ports
  • DNA Software license
  • Dimensions H 43; W 427; D 356 mm
  • nBox_H10
  • Designed to support up to 500,000 concurrent flows (multi Gbit capable).
  • 1U 19″ rackmount nBox
  • High-end system
  • One management port (Gigabit Copper)
  • One 10 Gbit port (SR)
  • 2 x 10/40 Gbit PF_Ring ZC Intel (per port) license
  • nProbe Pro license for 2 monitoring ports
  • DNA Software license
  • Dimensions H 43; W 427; D 356 mm


nBox Recorder

High-speed network packet recording system nBox Recorder is a network recorder application. With nBox Recorder you can capture full-sized network packets at gigabit rate from a live network interface and write them into files. It has been designed and developed mainly because most network security systems rely on capturing all packets (headers and payload), since any packets may have been responsible for the attack or could contain the problems that we are trying to find. nBox Recorder uses the industry standard PCAP file format to dump packets into files so the resulting output can be easily integrated with existing third party or even open-source analysis tools like ntop, Wireshark. or Snort.

nBox Recorder Brochure

Modern data networks keep growing and growing in terms of speed. In a few years data throughput increased from 100 Mbit/s to 10 Gbit/s, reaching multi-10 Gbit/speed. This has caused network trac recording activity a challenging experience. In this scenario ntop decided to enclose all the developed technology into a single network appliance: nBox Recorder. Recording configuration, management and packets retrieval can be performed just using the web interface. Also pcap file analysis can be performed directly on the web interface allowing users to display captured pcap or search result straight on the web browser.

Drop us a line for questions, demos and pricing
  • Key Features
  • Multi 10 Gbit/s packet to disk with zero packet loss in pcap file format
  • On-the-fly indexing and compression/decompression
  • Web configuration and management
  • API accessible search indexes
  • Pcap re-injection into network
  • User customisable appliance
  • Up to 24 TB of storage available in 2U appliance format
  • Appliance available in 1U or 2U rackable format
  • Extended pcap analysis immediately available using ntopng graphical web interface
  • nBox_R1
  • Half Depth 1U 19″ rackmount server
  • Up to 1 Gbit/sec
  • Fixed 200W PSU w/ NEMA-15P (US) cord included
  • 2 x (10/100/1g) Onboard Mgmt Ports
  • 1 x ssd boot drive – and – 1 x 1TB drive
  • 1 x Dual Port 1Gbit Copper card
  • 1 x 1 Gbit PF_Ring ZC Intel (per port) license
  • 1 x ntopng Pro license
  • 1 x n2disk 1Gbit license
  • 1 year hardware warranty: 3-5 business days replacement
  • nBox_R4
  • 1U 19″ rackmount
  • Up to 5 Gbit/sec
  • Fixed 350W PSU w/ NEMA-15P (US) cord included
  • 2 x (10/100/1g) Onboard Mgmt Ports
  • 1 x RAID CARD
  • 1 x SSD Boot Drive
  • 4 x 1TB High Speed 10K RPM Drives
  • 1 x Dual Port 1Gbit Copper card
  • 2 x 1 Gbit PF_Ring ZC Intel (per port) license
  • 1 x ntopng Pro license
  • 1 x n2disk 1Gbit license
  • 1 year hardware warranty: 3-5 business days replacement
  • nBox_R8 10G
  • 2U 19″ rackmount server (with rails)
  • Up to 10 Gbit/sec
  • Hot Swap 450W PSU w/ NEMA-15P (US) cord included
  • 2 x (10/100/1g) Onboard Mgmt Ports
  • 1 x RAID CARD
  • 2 x ssd redundant boot drive – and – 8 x 1TB
  • 2 x Dual Port 10Gbit Fiber SFP+ with Short range optics (SR) card
  • 2 x 10/40 Gbit PF_Ring ZC Intel (per port) license
  • 1 x ntopng Enterprise license
  • 1 x n2disk 10/40Gbit license
  • 1 year hardware warranty: 3-5 business days replacement



Much more that a simple NetFlow probe. nProbe can be a probe, probe+collector, collector, or a proxy. In proxy mode you can convert from/to IPFIX/NetFlow v5/v9 in order to smoothly upgrade to newer netflow protocol versions while capitalizing on previous protocol versions. So you can for instance convert flows coming from your v5 router into IPFIX and vice-versa.

  • Available for Unix (including MacOS X and Solaris), Windows, and embedded environments.
  • Added layer 7 application visibility (including Skype, BitTorrent, Citrix….).
  • NetFlow v9/IPFIX support for efficient flow handling.
  • Added Cisco NetFlow-Lite support (as of version 6.5).
  • Full IPFIX support: PEN (Private Enterprise Numbers) and Variable length encoding.
  • Support for IPv4 and v6.
  • Ability to natively save flows into MySQL and SQLite, as well as text and binary.
  • Native PF_RING support for high speed flow generation (nProbe™ Pro Unix and above).
  • Ability to act as flow collector and proxy. All combinations are supported.
  • Ability to collect sFlow flows and turn them into flows (v5/v9/IPFIX).
  • Support of detect protocols via DPI (deep packet inspection) and report protocol name in flows for precise collector protocol accounting.
  • Ability to forge NetFlow interfaceIds based on MAC/IP addresses.
  • Collection of Cisco ASA flows and conversion in ‘standard’ flows.
  • Support of tunnelled (including GRE, PPP and GTP) traffic and ability to export in flows inner/outer envelope/packet information.
  • Support of both flow and packet sampling.
  • Support of Flexible Netflow: create your netflow templates, now with PEN support.
  • ntop can be used as collector and analyzer for NetFlow v5/v9/IPFIX flows such as those generated by nProbe™ and commercial routers.


Drop us a line for questions, demos and pricing
Generic packet header-based traffic monitoring is no longer enough. Network administrators need to pin-point problems, understand bottlenecks but in particular to know exactly what is the cause of a certain problem. For this reason it is now necessary to inspect specific protocols in order to understand what’s happened. nProbe™ currently features HTTP, Oracle and MySQL that in addition to exporting information via NetFlow, it also allows administrators to create log of activities that can help understanding what’s really happening on the network.

  • Additional nProbe Plugins
  • MySQL Plugin [Unix/Win32] – Decodes (unencrypted) MySQL traffic, and produce a log of SQL requests/responses along with performance indicators.
  • IMAP/SMTP/POP Plugins [Unix/Win32] – Email plugins for decoding (unencrypted) email traffic and generate flows and logs of email activities.
  • SIP/RTP Plugins [Unix/Win32] – Plugins for decoding VoIP (Voice over IP) traffic and producing call log, and voice information (jitter and packet loss).
  • Oracle Plugin [Unix/Win32] – Similar to MySQL plugin, just for Oracle databases.
  • HTTP Plugin [Unix/Win32] – Decode HTTP traffic and HTTPS certificates. It can generate a comprehensive log of HTTP traffic, including page download and network/server delay. Microcloud friendly.
  • DNS Plugin [Unix/Win32] – Decodes DNS traffic, and produce a log of main domain name resolution activities. Microcloud friendly.
  • NetFlow-Lite Plugin [Unix] – Plugin for collecting NetFlow-Lite traffic sent by some Cisco switches.
  • GTPv1 Plugin [Unix/Win32] – Plugin for decoding GTPv1-C (2G and 3G networks) signalling and producing comprehensive mobile user and traffic tracking. Microcloud friendly. Available only in binary format.
  • GTPv2 Plugin [Unix/Win32] – Same as GTPv1 plugin, just for v2 protocol version used in LTE (Long Term Evolution) mobile networks.
  • Radius Plugin [Unix/Win32] – Plugin decoding Radius traffic including 3GPP extensions for mobile networks. Microcloud friendly.



High-speed packet capture, filtering and analysis. PF_RING™ is a new type of network socket that dramatically improves the packet capture speed, and that’s characterized by the following properties:

  • Available for Linux kernels 2.6.32 and newer.
  • No need to patch the kernel: just load the kernel module.
  • PF_RING™-aware drivers for increased packet capture acceleration.
  • 10 Gbit Hardware Packet Filtering using commodity network adapters
  • User-space DNA (Direct NIC Access) drivers for extreme packet capture/transmission speed as the NIC NPU (Network Process Unit) is pushing/getting packets to/from userland without any kernel intervention. Using the 10Gbit DNA driver you can send/received at wire-speed at any packet sizes.
  • Libzero for DNAfor distributing packets in zero-copy across threads and applications.
  • Device driver independent.
  • Kernel-based packet capture and sampling.
  • Libpcap support (see below) for seamless integration with existing pcap-based applications.
  • Ability to specify hundred of header filters in addition to BPF.
  • Content inspection, so that only packets matching the payload filter are passed.
  • PF_RING™ plugins for advanced packet parsing and content filtering.
  • Ability to work in transparent mode (i.e. the packets are also forwarded to upperlinks so existing applications will work as usual).

Drop us a line for questions, demos and pricing


ntopng is the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Windows as well.

ntopng users can use a a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntopng can be seen as a simple RMON-like agent with an embedded web interface.


the Community edition is the standard ntopng that you can use free of charge and that implements a robust and easy to use web-based traffic monitoring application. The Professional edition is an enhanced version of ntopng that includes modern reports and many new features listed below on this article. This edition is available at a small cost to better serve the ntop community.


  • Community Edition
  • Moved the code to GitHub for easier collaboration
  • Added ability to aggregate traffic from various network interfaces on the same interface view while keeping interface traffic split. Example ntopng -i eth1, -i eth2 -i view:eth1,eth2
  • Added support for the latest nDPI that includes support for various new protocols (e.g. QUIC) and new versions of existing ones (e.g. Skype). nDPI is also used to drop application traffic in the professional noting edition
  • Hardened the code to support mid/large organisations and high traffic volumes, as well for operating on hosts with little memory
  • Added network latency in flows (server vs client network latency)
  • Added flow TCP traffic statistics (packets retransmitted, lost, and out of order)
  • Enhanced host alerts (including traffic quotas) and added interface alerts. You can now for instance generate traffic alerts when an interface has too much traffic or if a host has passed its daily traffic quota
  • Ability to sniff from netfilter interface
  • Alerts are now generated when ntopng detects a flooder or a network scanner (as well when accessing malware sites [-c plugin])
  • Integration of ntopng with nagios: you can now create nagios plugins to query ntopng and thus emit alerts based not traffic conditions
  • Ability to categorise malware (-c option) using the Google Safe Browsing API that replaces the block.si service present in ntopng 1.x
  • Added ability to fine-tune RRD configurations
  • Added ability to generate a traffic report for all hosted HTTP servers (on local networks): ISPs can now create a hourly report of all the thousand of servers they are hosting
  • Ability to work behind an HTTP reverse proxy
  • Enhanced the ElasticSearch export facility to cope with latest additions such as host geolocation
  • Enhanced host GeoIP location
  • Added reports per AS, geo-location, network, HTTP servers
  • Added per-network RRDs
  • ntopng can now be queried via HTTP tools such as curl or wget with authentication enabled
  • Added ability to dump specific traffic (e.g. of a selected host) or when specific traffic conditions arise (e.g. too much traffic) on a tap interface and attach applications such as Wireshark/tcpdump to it. Similarly added ability to dump traffic to disk in pcap format
  • Added HTTP virtual hosts support in HTML reports
  • Added ability to send data in Lua using UDP (for instance you can use it for exporting metrics to Graphite)
  • Professional Edition:
  • Dynamic dashboard that includes a realtime view of traffic
  • PDF-printable reports including top hosts/activities/protocols
  • Ability to operate in inline mode and thus implement a layer-7 firewall (even on low-end embedded boxes) and traffic shaper (drop traffic that matches certian protocols)
  • Graphs now rendered in a pretty way with zoomable (in and out) drill-down facility
  • Per-minute accurate reports (in JSON format) of top X activities so that users can use them to generate further traffic reports in addition to all those included in the pro version
  • Added SNMP support for visualising MIB-II host information through the ntopng web interface

ntopng User Guide

ntop integrates with CloudShark

ntop n2disk Line Rate Packet Recorderntop is a diverse company with solutions for network monitoring, VPN, as well as packet-to-disk and wire-speed packet capture and transmission. These solutions, including n2disk, allow you to capture at multi-Gigabit rates on a live network interface without packet loss. With n2disk’s CloudShark integration, you can view those captures immediately, right in your browser.

Contact TruePath about CloudSharkSee what CloudShark products TruePath sells