Month Archives: November 2011

nProbe

Unveiling Application Visibility in ntop and nProbe (both in NetFlow v9 and IPFIX)
For years, applications have used static ports so that port 80 means HTTP, and port 25 SMTP. Unfortunately this 1:1 mapping has been relaxed years ago with dynamic ports so that a given service could use a range of ports (e.g. for circumventing security policies) or even a fully dynamic port (e.g. see portmap). The opposite is also true, namely HTTP can run on ports other than 80, so that you can see it for instance on port 3000 that is the default HTTP port in ntop. HTTP is also …
PF_RING

Exploiting Hardware Filtering in PF_RING-aware apps, Snort…
Introduction PF_RING filters have been designed to be efficient and versatile. PF_RING-based applications can use them for both reducing the amount of packets they need to process, and passing incoming packets to kernel plugins for further processing. Years ago, hardware packet filtering was limited to costly FPGA-based NICs, whereas today it is available also on commodity adapters such as Silicom 1/10 Gbit Director card, and Intel 82599-based 10 Gbit network adapters.   Filtering in PF_RING 5.2 Although past PF_RING versions supported limited hardware filtering, in PF_RING 5.2 we have completely …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe