Today the new nProbe v6 has been released. It includes several improvements with respect to the previous version including:
- Full IPFIX support: PEN (Private Enterprise Numbers) and Variable length encoding.
- Ability to natively dump flows in FastBit format that allows to outperform relational and raw flow-based collectors.
- Ability to collect sFlow flows and turn them into flows (v5/v9/IPFIX).
- Collection of Cisco ASA flows and conversion in ‘standard’ flows.
- New nprobe architecture for better performance and exploitation of multicore architectures.
- Support of tunneled (including GRE, PPP and GTP) traffic and ability to export in flows inner/outer envelope/packet information.
- HTTP and MySQL protocol analysis: ability to generate logs of web and mysql activities in addition to flow export.
- BGP Plugin for establishing a BGP session with a router and generate flows with AS and AS path information.
nProbe is available in three versions:
- Standard version: nProbe™ (without plugins) source code.
You can compile this software on Unix, Linux, Solaris, OSX and Win32 (nProbe™ for Win32 is available in both binary and source format). - Professional version: same as standard version with native PF_RING support (i.e. full packet capture acceleration), Fastbit support and some plugins (database, dump and layer-7 inspection plugin). This version is available only for Linux.
- Professional version with plugins: same as standard version with native PF_RING, Fastbit support and all plugins (including http and MySQL plugin). This version is available only for both Unix and Win32.
As usual nProbe is released under GPLv2 and it is free of charge for universities and researchers. Existing nProbe owners (who purchased previous versions no more than a year ago) can download v6 free of charge from the URL they have received when registered for the previous version.
More information can be found at the nProbe web page.