Month Archives: November 2010

nProbe

How to Configure nProbe to Export URLs and Latency via NetFlow

Our friends at Plixer have written a nice article about how to use nProbe to export HTTP and latency information. Note that you can also use the nProbe HTTP plugin to trace HTTP events and rebuild user sessions. This is because NetFlow is not exactly the best protocol to use for exporting this information. The available options are: --http-dump-dir <dump dir> …
ntop

Monitoring Traffic Using ntop: Cisco Traffic Analyzer

Most network administrators use ntop for monitoring Ethernet traffic. ntop can do much more than this and can also monitor Fibre Channel and SCSI traffic. Cisco Traffic Analyzer is a software product based on ntop whose goal is to give Cisco MDS 9000 users a view of the network traffic. Did you know that ntop can also do this? …
PF_RING

Using PF_RING with Snort and Suricata for IDS/IPS Acceleration

Some users are exploiting PF_RING acceleration to improve popular IDS/IPS applications such as Snort and Suricata. Suricata has leveraged PF_RING since day one thanks to Will Metcalf, whereas I have added (again together with Will) support in Snort using the DAQ library that is part of the 2.9 version. Acceleration does not mean just improved packet capture, but also the ability to fully exploit multicore architectures by spreading packets across multiple application instances. This is a unique feature that can’t be found in pcap-based libraries. This is an excerpt from the snort-users mailing …
PF_RING

Meet ntop at RIPE 61 Rome (15-19 November)

Those who are interested in hearing about high-speed packet capture and filtering, and about monitoring in general, can show up at the next RIPE 61 meeting that will take place in Rome (15-19 November). I will be speaking about hardware packet filtering using commodity adapters and how this work can be used in real life, ranging from ntop/nProbe to Snort and network troubleshooting. …