nProbe™

Extensible NetFlow v5/v9/IPFIX Probe and Collector

In commercial environments, NetFlow is probably the de-facto standard for network traffic accounting. nProbe includes both a NetFlow v5/v9/IPFIX probe and collector that can be used to play with NetFlow flows. This means nProbe™ can be used:

  • To collect and export NetFlow flows generated by border gateways/switches/routers or any other device that can export in NetFlow v5/v9
  • As a drop-in replacement of embedded, low-speed, NetFlow probes that may already been deployed
  • To analyze multi-Gbit networks at full speed with no (or very moderate) packet loss
  • To send monitored flows towards a collector such as the open-source ntopng or a commercial one (e.g. Cisco NetFlow Collector or Plixer)

Currently nProbe™ is a software application available stand-alone or as an embedded system (nBox appliance).

nprobe-short
at a glance

Key Features

  • Layer-7 visibility and accounting with 450+ detected applications (e.g. Teams, BitTorrent, Citrix, ...)
  • Integrate with ntopng to visualize, collect, and analyze monitored traffic
  • NetFlow v5/v9/IPFIX support for efficient flow handling and legacy routers compatibility
  • Flexible NetFlow export for the creation of custom NetFlow templates, with optional PEN support
  • Convert Cisco ASA and sFlow into NetFlow v5/v9/IPFIX
  • Cisco NetFlow-Lite support
  • Native support for PF_RING Zero Copy (ZC) for ultra-high speed packet capture
  • Flow and packet sampling
  • Agent mode support on Windows and Linux systems (eBPF based) to augment network metadata with users and processes
  • IPS inline mode for blocking and shaping traffic at Layer-7
  • Flow export to Kafka, ElasticSearch, Apache™, Syslog, MySQL/MariaDB, Splunk (via TCP streaming)
  • Flow dump to text files (CSV)
  • Support of tunneled traffic (GRE, PPP, VXLAN, GTP) and export of inner/outer envelope/packet information
  • VoIP (SIP and RTP) traffic analysis including voice quality and pseudo MOS
  • HTTP, MySQL/Oracle, DNS protocol analysis and logs generation
  • Fully interoperable with commercial collectors such as IsarFlow, Fluke, Cisco, Dartware, Arbor Networks, Plixer, NetFlow Auditor, SolarWinds Orion NTA, Andrisoft
Works great with ntopng!

nProbe works even better when paired with ntopng. Unlock advanced flow-based traffic analysis and deep visibility into your network!

Ideal for Every Environment

Use Cases

Flow Probe on Mirror/TAP

This mode can be used to analyse traffic from a mirror or TAP device and export flows in NetFlow v5/v9/IPFIX format or to ntopng.

Mirror (SPAN) ports or TAP devices allow network monitoring tools to observe all packets flowing through the network for for network visibility, troubleshooting, threat detection, and capacity planning, without generating traffic or altering the data path.

  • Mirror Port (SPAN): available on most managed switches, duplicates traffic from selected ports or VLANs to a dedicated monitoring port.
  • TAP Device: transparently copies all network traffic at the physical layer, acting as a bump-in-the-wire and providing a fail-safe method for capturing traffic.

A physical NIC card connected to a mirror can be monitored by nProbe by simply specifying its interface name. This configuration can be used to monitor a mirror port from a switch, or in conjunction with a TAP device by aggregating two directions from two network interfaces.

This mode can be used to collect flows in NetFlow v5/v9/IPFIX format and deliver flows to ntopng.

In proxy mode it is possible to convert from/to IPFIX/NetFlow v5/v9 in order to smoothly upgrade to newer NetFlow protocol versions while capitalizing on previous protocol versions. So you can for instance convert flows coming from your v5 router into IPFIX and vice-versa.

In this configuration nProbe acts as a bridge device by applying Layer-7 policies to the bridged traffic.

Specifications

Tech Specs

  • Linux
  • FreeBSD (including OPNsense and pfSense)
  • Windows x64 (including Windows 10/11)
  • macOS
  • RaspbianOS
  • NetFlow v5/v9/IPFIX
  • ZMQ (ntopng)
  • Kafka
  • Text file (CSV)
  • MySQL/MariaDB
  • ElasticSearch
  • TCP Stream
  • Syslog
  • Limited memory footprint (less that 2 MB of memory regardless of the network size) and CPU savvy
  • Designed for running on environments with limited resources and embedded systems (ARM and  MIPSEL-based)
  • IPv4/IPv6
  • TCP/UDP/ICMP
  • GTP/GRE/MPLS/VXLAN/PPP
  • 450+ Layer-7 application protocols supported by nDPI
models

Choose Your Model

Did you already install the software?

Install

Select the model. Different models unlock different features and capacity. Check the comparison table.

Pro
299€
  • Layer-7 traffic inspection with nDPI
  • NetFlow/sFlow flow collection
  • PF_RING packet capture acceleration
  • NetFlow and ZMQ export
  • IPv4 deduplication
  • Modbus support
  • Designed for SMEs
Buy
Enterprise S/M/L
499+€
  • All Pro features included
  • Kafka, ElasticSearch, JSON export
  • NetFlow-lite collection
  • Deep protocol analysis for HTTP, DNS, IMAP, RTP, GTP, ...
  • Agent mode
  • Flow collection deduplication
  • Designed for large organizations, telcos, ...
Buy

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe