Using nProbe for Solving General Traffic Monitoring Tasks
Most people use nProbe just as a basic NetFlow/IPFIX probe where traffic monitoring is limited to packet header analysis, without further dissecting protocols. This practice is very common inside the NetFlow community and it’s one of the reasons why flow-based analysis has not changed much since its inception. Fortunately nProbe can do much more than [...]
PF_RING in 2012
From time to time the kernel folks are sick and tired of people saying PF_RING is better than what we have upstream, it really isn’t. Fortunately (for PF_RING) the story is a bit different not to mention that some of PF_RING features such as clustering have probably inspired AF_PACKET too.
For 2012 we have [...]
Unveiling Application Visibility in ntop and nProbe (both in NetFlow v9 and IPFIX)
For years, applications have used static ports so that port 80 means HTTP, and port 25 SMTP. Unfortunately this 1:1 mapping has been relaxed years ago with dynamic ports so that a given service could use a range of ports (e.g. for circumventing security policies) or even a fully dynamic port (e.g. see portmap). [...]
Exploiting Hardware Filtering in PF_RING-aware apps, Snort…
Introduction
PF_RING filters have been designed to be efficient and versatile. PF_RING-based applications can use them for both reducing the amount of packets they need to process, and passing incoming packets to kernel plugins for further processing.
Years ago, hardware packet filtering was limited to costly FPGA-based NICs, whereas today it is available also on [...]
Released PF_RING 5.1 and TNAPIv2
PF_RING 5.1 is a maintenance release that addresses some issues we identified in 5.0 that we released early this month. We have listen to your comments and tried to improve our software applications both in terms of stability and speed.
In this release we introduce (PF_RING 5.0 was lacking TNAPI as we were busy coding [...]
Inline Snort Multiprocessing with PF_RING
Dear all,
our friends at MetaFlows have tested snort on top of PF_RING DAQ using 6765 Emerging Threats Pro rules. Using PF_RING-aware drivers (that are not optimized at all for TX), they have achieved a sustain rate of 700 Mbit in IPS mode. Guess what you can do using DNA.
Low RX/TX Latency with DNA
One of the great consequences of the DNA design, is that user-space applications can now transmit and receive packets without going through the kernel TCP/IP stack at all. This can be profitably used to reduce network latency bypassing the stack, and reading the number of user-space stacks that have been developed in the past years [...]
Not All Servers Are Alike (With DNA)
PF_RING DNA is a great success for us as we see the users community grow every day. At the same time, sometimes we receive complains of people who say that they can’t reach the performance we observed (i.e. 1/10 Gbit RX and TX wire-rate with [...]
PF_RING 5.0 Introduced: DNA 1/10 Gbit and vPF_RING
We’ve just cut the code of PF_RING 5.0. As it contains many changes with respect to the previous version, it deserved a major version number.
We refreshed our DNA drivers to 1 Gbit Intel NICs (e1000e and igb families) in addition to the existing 10 Gbit DNA driver. All the DNA drivers source code is [...]
Building a 10 Gbit Traffic Generator using PF_RING and Ostinato
Whoever has developed network applications, soon or later had to buy or rent a traffic generator. Years ago I have purchased my 1 Gbit IXIA 400T on ebay for 2500$, and I wanted to buy a 10 Gbit traffic generator when I started to develop DNA. Unfortunately I could not afford the price of those [...]
Browse By Date
- January 2012 (1)
- December 2011 (1)
- November 2011 (2)
- September 2011 (5)
- August 2011 (3)
- July 2011 (2)
- June 2011 (4)
- May 2011 (6)
- April 2011 (3)
- March 2011 (4)
- February 2011 (5)
- January 2011 (2)
- December 2010 (1)
- November 2010 (4)
- October 2010 (4)
- September 2010 (4)
- August 2010 (1)
- July 2010 (4)
- June 2010 (4)
- May 2010 (5)
- April 2010 (3)
- March 2010 (2)
- February 2010 (3)
- January 2010 (3)
- December 2009 (1)
