6.4 Stable

@cardigliano cardigliano released this 19 May 07:12
· 23 commits to 6.4-stable since this release

ntopng 6.4 (April 2025)

Breakthroughs

  • New Asset Inventory / Digital Twin and Assets Dashboard
  • New Infrastructure Dashboard to oversee multiple regions
  • New Autonomous Systems (AS) report
  • New Quality of Experience (QoE) indicators
  • Add alert graph to visualize alerts graphically
  • Improve SNMPv3 polling and support for SHA256, SHA384, SHA512, and AES128 authentication protocols
  • Detect network and service scan by inspecting historical data to find slow scans
  • Aggregate engaged/historical alerts implementing in-memory tables
  • Add access control list (ACL) and alerting (no blocking)

Improvements

  • Add DHCP fingerprint support
  • Add JA4 client fingerprint
  • Add many new custom queries to historical flows
  • Add ability to determine when a host has a meaningful IP (IPv4 hosts only)
  • Add support for STARTTLS when sending emails (also added a preference)
  • Add custom field mapping (nProbe) in historical flows
  • Add --geoip-dir <dir> for loading GeoIP files from a custom location
  • Add preference to selectively enable ClickHouse flow dump
  • Add SNMP_MSG_REPORT support
  • Add service down check to scan alert
  • Add ApexCharts responsiveness
  • Add local vs remote traffic report
  • Add Redis operations timeseries
  • Add support for labels in timeseries
  • Add per-minute NetFlow timeseries
  • Add active exporters/interfaces count in log when limit exceeded
  • Add support for nDPI address cache
  • Change MAC serialization key based on mirrored traffic
  • Enhance OS detection
  • Extend conversation custom query with per-direction packets/bytes
  • Extend ZMQ decompression buffer
  • Implement NAT detected alert
  • Implement nDPI OS hint support
  • Implement broadcast domain serialization/deserialization
  • Implement alert for anomalous Redis read/write counts
  • Implement QUIC RTT calculation
  • Implement host OS change detection
  • Implement mechanism to retain old-dated collected flows longer
  • Improve Dashboard layouts
  • Improve Webhook messages and latency
  • Improve flow swap heuristic
  • Improve localhost MAC detection
  • Improve flow alerts and add ability to refresh already-triggered alerts
  • Improve host MAC address learning
  • Improve service detection reliability
  • Improve retransmission/out-of-order computation
  • Improve formatting of Redis stats
  • Improve hostname resolution
  • Improve host label formatting (MAC hidden when IP is present)
  • Improve formatting for large numbers
  • Improve TCP window handling
  • Improve host policy check
  • Introduce ntopng Guru on Gurubase.io
  • Unify Bootstrap table style with custom tables for dark mode
  • Rework three-way handshake state detection
  • Rework remote throughput collection
  • Rework DNS flow direction handling
  • Rework RTT calculation
  • Optimize drop counters
  • Add decoding hardening checks
  • Add MDNS buffer length check
  • Update MAC address models list
  • Update to VueJS 3.5 with reworked observation point ID
  • Various active monitoring improvements
  • Rework TCP flags handling
  • Integrate domain collection code
  • Display APN MAC and SSID in historical flows
  • Dump WLAN_SSID and WTP_MAC_ADDRESS in historical flows
  • Support Linux interface aliases (altnames)

Changes

  • Add sticky action column to tables
  • Add option to dump pcap flows into ClickHouse
  • Add SNMP delete-all button and fix unresponsive delete button
  • Add RTT/Jitter table
  • Add Lucide as internal library
  • Add recipient stats for all endpoints
  • Add Speedtest timeseries
  • Add MAC address cache duration preference
  • Add remediations for nDPI alerts
  • Add license limits page
  • Add SNMP data import/export support
  • Add MITRE table and alerts view on ClickHouse cluster
  • Add manufacturer to historical flows
  • Add native sFlow (packet sample only) collector
  • Add preference to exclude new interfaces from SNMP usage automatically
  • Add L7 (nDPI) JSON collection in Suricata collector
  • Extend number of interfaces supported by the view interface
  • Show toasts when the flows/hosts limit is exceeded
  • Rework DHCP flow key
  • Change table styling for dark and white modes
  • Disable hourly on unsupported queries
  • Add per-direction packets/bytes in historical flows table
  • Add LDAP preference to enable extended user capabilities
  • Add server/client TCP flags to syslog
  • Use SNMP aliases instead of names when available
  • Increase ntopng password max length to 128 characters
  • Implement ICMP type/code support
  • Collect ICMP_TYPE
  • Clean SQLite schema (removed problematic backticks, indentation fixes)
  • Rework alert serialization and changed alert info format
  • Modify nDPI defaults for RTP stream handling
  • Merge TCP probing and probing attempt
  • Support IPv6 address formatting with brackets
  • Use capabilities for enabling SNMP trap collection
  • Support enabling/disabling ClickHouse flow dump (alerts always dumped with -F clickhouse)
  • Update API version and clean up code
  • Enable filtering by custom fields sent from nProbe
  • Remove JA3 leftovers and unused MIBs
  • Remove obsolete TLS suspicious ESNI usage and improve device type guessing
  • Remove support for deprecated apcon/VSS timestamps
  • Remove packets from in/out traffic (unsupported for hourly)
  • Remove obsolete flow serializers

Fixes

  • Fix -x/-X option limits (now displayed in About page)
  • Fix various issues on historical flow charts
  • Fix SNMP page alert
  • Fix link button color
  • Fix format_utils.round function
  • Fix top senders/receivers sorting on timeseries page
  • Fix incorrect alerts counter on top of page
  • Fix various dark mode style issues
  • Fix server types in view interface
  • Fix live stats reset on view interface
  • Fix ClickHouse health page not found
  • Fix JS table crash on missing sort column
  • Fix asset link and last seen formatting
  • Fix Suricata-DNS alert correlation
  • Fix packet stats formatter on interface page
  • Fix random crash on interface timeseries page
  • Fix various SQL queries
  • Fix default date-time values
  • Fix suspicious DGA domain alert
  • Fix host pool import and duplicate alert suppression
  • Fix name display bugs
  • Fix incorrect retransmission stats
  • Fix host details flow table
  • Fix IEC104 REST and add error messages
  • Fix Speedtest issues
  • Fix Sankey chart overflow
  • Fix application editing without proto files
  • Fix time label in timeseries
  • Fix exporter timeseries for sub-interfaces
  • Fix http_prefix missing in some pages
  • Fix Modbus alert behavior
  • Fix BS5 tooltip stacking
  • Fix overlapping address handling in network policy
  • Fix early flow expiration with netfilter
  • Fix TCP retransmission handling with ZMQ
  • Fix incorrect alert scores
  • Fix alert score in CustomFlowLuaScript
  • Fix flow deallocation with failed/disabled alert
  • Fix L7 timeseries direction
  • Fix usage calculation error
  • Fix InfluxDB top timeseries
  • Fix InfluxDB timeseries step issues
  • Fix Kafka issues
  • Fix missing user agent info in historical flow
  • Fix TLS info column in flow logs
  • Fix counter overflow
  • Fix OPNsense package install
  • Fix approximation issues in values
  • Fix double probe count in disaggregation
  • Fix SMTP/SMTPS STARTSSL handling
  • Fix OS rendering
  • Fix LDAP extended user capabilities
  • Fix InfluxDB local hosts report

nEdge

  • Enable Infrastructure Monitoring support
  • Support Multicast/Broadcast forwarding policies between restricted/trusted interfaces
  • Ignore shaper matching a 'Not Assigned' host when peer host matches a user/pool
  • Add gateway alert and configuration
  • Fix invalid nEdge update handling
  • Fix netfilter counters direction
  • Fix unexpected Modbus alert behavior
  • Remove pools limit from about page and default host pool counter