Our friends at Plixer have written a nice article about how to use nProbe to export HTTP and latency information. Note that you can also use the nProbe http plugin to trace HTTP events and rebuild user sessions. This as netflow is not exactly the best protocol to use for exporting this information. The available […]
Monitoring Traffic Using ntop: Cisco Traffic Analyzer
Most network administrators use ntop for monitoring ethernet traffic. ntop can do much more than this and also monitor Fibre Channel and SCSI traffic. Cisco Traffic Analyzer is a software product based on ntop whose goal is to give Cisco MDS 9000 users a view of the network traffic. Did you know that ntop can […]
Using PF_RING with Snort and Suricata for IDS/IPS Acceleration
Some users are exploiting PF_RING acceleration to improve popular IDS/IPS applications such as Snort and Suricata. Suricata leveraged PF_RING since day one thanks to Will Metcalf, whereas I have added (again together with Will) support in snort using the DAQ library part of the 2.9 version. Acceleration does not mean just improved packet capture, but […]
Meet ntop at RIPE 61 Rome (15-19 November)
Those who are interested in hearing about high-speed packet capture and filtering and to monitoring in general, can show up at the next RIPE 61 meeting that till take place in Rome (15-19 November). I will be speaking about hardware packet filtering using commodity adapters and how this work can be used in real life, […]