
nTap is a virtual software tap for capturing network traffic in physical, virtual, cloud, and containerized environments, delivering packets securely to an observation point.
Vendor: ntop



nTap is a virtual software tap designed for use in physical, virtual, cloud, and container environments. It enables the remote capture of network traffic and its secure delivery to an observation point. This is particularly useful when packet-level analysis is required and flow-based analysis tools like nProbe/nProbe Cento are insufficient. Unlike physical taps, nTap can deliver monitored traffic remotely, eliminating the need for direct cable connections. It also encrypts packets end-to-end, preventing unauthorized access to monitored traffic. Furthermore, nTap can apply packet filtering, a feature typically found in more expensive packet brokers. Its compatibility with containers, virtual machines, and dynamic environments like Kubernetes makes it versatile for modern network monitoring needs.

nTap consists of two main components: the nTap remote, which is installed on the device to be monitored, and the nTap collector, which receives and decrypts the encrypted packets sent by the nTap remote. The collector then pushes the decrypted packets onto a virtual Ethernet interface, where applications like Wireshark, tcpdump, Suricata, or Snort can be attached. Optionally, the nTap collector can also send packets to Open vSwitch for added flexibility. ntop applications such as nProbe (Enterprise M/L) and ntopng (Enterprise L) embed the nTap collector, allowing direct connection of one or more nTap remote instances without the need for a separate nTap collector.

nTap prioritizes security by delivering packets over encrypted channels via UDP. The communication is unidirectional, from the tap to the collector/ntopng/nProbe, without a return channel. This design is crucial for operation in high-security networks that restrict return channel communication. The end-to-end encryption is symmetric and leverages AVX instructions for maximum performance. nTap adds a micro-layer containing metadata such as packet capture time and length, while ensuring that encryption does not increase the original packet size.

nTap does not require a commercial license when used with ntopng and nProbe, as these applications include native code support. The remote tap application never needs a license, enabling deployment in dynamic environments. The collector application requires a license only when used with applications other than ntopng Enterprise L and nProbe Enterprise M/L. Multiple remote taps can send traffic to the same nTap collector or nProbe/ntopng applications.

Features & Benefits
- Remote Traffic Capture: Captures traffic remotely, eliminating the need for physical proximity.
- Secure Delivery: Delivers packets with end-to-end encryption, preventing unauthorized access.
- Packet Filtering: Applies packet filtering on monitored traffic, enhancing control and reducing noise.
- Container and VM Compatibility: Works seamlessly in containers, virtual machines, and Kubernetes environments.
- Unidirectional Communication: Uses unidirectional communication for enhanced security in restricted networks.
- Performance Optimization: Leverages AVX instructions for maximum encryption performance.
- Integration with ntop Applications: Seamlessly integrates with ntopng and nProbe, eliminating the need for a separate collector.