nBox86 : Embedding ntop and nProbe on a Generic x86 PC

Many ntop users realized that running a ntop/nProbe on a PC is not always the best choice for several reasons:

  1. PCs have moving parts that can break making the probe unavailable.
  2. PCs are large, need monitors and keyboards, whereas probes often need to be deployed on places where there is not much space available.
  3. Administering PCs is not cheap and they require the purchase of an OS, its installation and maintenance.
  4. In large networks divided in several trunks it is necessary to have several probes each analyzing a trunk. This requires that multiple PC running nProbe are deployed across the network.
  5. The cost (for both hardware and maintenance) of a PC+ntop/nProbe is not neglectable in particular if several probes need to be deployed.
On the other hand you probably have a spare x86 PC you would like into a measurement box at little cost. If you're an ntop/nProbe user who wants to:
  1. have a measurement box based on ntop/nProbe
  2. use an x86 PC (just the motherboard, CPU, memory and up to 3 network cards, no hard disks are required)
  3. administrer the box using a simple web interface without having to start applications from the command line interface.
...then you probably need nBox86.

 

Main Features

  1. Runs on every x86 PC (i586 and above able to run Linux).
  2. Ability to handle up to 3 (10/100/1000) ethernet network interfaces.
  3. Ability to work in pass-through mode (i.e. the traffic flows inside the box).
  4. Based on Linux.
  5. Access via SSH and Web (http/https).
  6. Boot in less than 20 seconds (it depends on your PC speed).
  7. Easy configuration via the Web interface.
  8. Firmware upgrade via web.
  9. Ability to clone configurations save/restore it on a PC.

 

Performance

The nBox86 performance depends on the PC you use. With a low-end i586 PC you can easily use nProbe/ntop to monitor a 10/100 network, with a better CPU and a Gigabit ethernet you can monitor your network backbone. If you're familiar with ntop you also know that the overall performance varies with the number of hosts and type of traffic.

Usually nBox86 is placed either on a mirrored port or next to the border gateway (e.g. a hub can be used to duplicate the traffic from/to the ethernet port of the gateway). Due to its low cost, web interface, remote maintenance, nBox86 is the ideal choice for adding NetFlow support to your existing network without the need to purchase or replace your existing router/switch nor allocating a PC for this task. You can also decide to use the nBox86 for running ntop on it without the need to compile ntop yourself.

 

Installation

nBox86 is distributed in binary format (disk image) for easy installation on a PC you already own.

Ingredients:

  1. x86 PC with at least 128 MB of RAM and a Pentium or better processor.
  2. nBox86 firmware image.
  3. IDE Flash disk or 128 MB Compact Flash with Compact Flash IDE Adapter.

Installation (see the installation guide):

 

Usage

Turn on your nBox86 and wait until nBox86 starts up, usually within 30 seconds. When the nBox86 you can access it using one of the following methods: SSH or http/https. Remember that the nBox86 is basically a Linux box with ntop/nProbe embedded. As this computer has no moving parts (unless you have a fan on your CPU/power supply), you can plug/unplug it as you want without loosing any data. Although the box can be administered as a normal Linux box using command line tools, the best way to do this is by means of the embedded web interface. In order to do this, point your web browser to https://192.168.160.10 (if you want you can also use http://192.168.160.10) in order to access the web console.

At this point you can login and administer you box. The user interface is divided in two parts: a column on the left that contains all the available options and a central panel that allows parameters for the selected option to be tuned. The interface enable users to control all the parameters of the box ranging from simple IP address change to complex firewall rules configuration to restrict access to the box. The following figures shows you how the nBox86 looks.


Welcome Page
General Configuration
User Configuration

ntop Configuration
nProbe Configuration
Java-based Web/SSH Shell

Service Administration
Firmware Update
Download/Upload Configuration

ntop and nProbe configuration options can be controlled via the web interface without the burden of command line editors and configuration files. There is no difference between the nProbe and ntop you download and install on a PC and the one contained into nBox86.

Any standard NetFlow collector (e.g ntop, Cisco FlowCollector, or HP-OV) can be used to analyse the flows generated by nBox86. When used with ntop, the nProbe can act as a remote and light traffic probe, and ntop as a central network monitoring console.

 

Availability

If you are a no profit institution or a university, you can have your nBox86 software image at little cost. Just drop us a mail where you explain why you qualify.

Currently there are two nBox86 versions available:

  1. Software
    You purchase a PC (or recycle one you already own) and upload the nBox86 firmware yourself (this is an operation that can be performed by any user in a couple of minutes). If you want we can also provide you and IDE hard disk/Compact flash with the firmware preloaded.
    NOTE: this version is available only to researchers and universities and it does not include any support.

  2. Hardware
    We can provide you an nBox86 compact flash with firmware uploaded or a complete box. There are several boxes availables ranging from small, cheap, multi-Ethernet, fanless solutions suitable for 100 Mbit networks, and rackable, dual CPU units with 64-bit network interfaces for high-speed Gigabit networks.
    If interested, please visit the nmon.net web site.

 

Documentation

 

FAQ

  1. Q: Is the nBox86 source code available?
    A: Yes of course, both ntop and nProbe are GPL.

  2. Q: What PC do I need to buy for running the nBox86?
    A: In principle you can use every x86 PC (Pentium or above) that's able to run Linux. You just need a PC and the nBox86 firmware.

  3. Q: Do you provide OEM and volume discounts?
    A: Yes of course, If interested please drop us a mail.

  4. Q: What do you do with the money you get charging for nBox86?
    A: This money is invested for doing research in ntop, nProbe and nBox86 projects.

 

Credits

NetFlow is copyright Cisco Systems.
Pentium is a trademark of Intel Inc.