nProbe 11.0: Smarter Flow Analysis, Deeper Protocol Visibility, Enhanced GTP Traffic Correlation

We’re excited to announce the release of nProbe 11.0. This release brings major improvements in flow analysis, tunnel handling, and TCP statistics, along with new features that make nProbe even more flexible and robust for complex network monitoring environments.


Key Highlights

Advanced TCP Flags Analysis

nProbe 11.0 introduces enhanced TCP flag analysis, enabling more precise insights into TCP session behavior and improving visibility into flow state transitions.

Enhanced GTP-C/GTP-U Traffic Correlation

With this release we have enhanced our architecture for GTP traffic processing and correlation (GTP-C with GTP-U). nProbe is used to dissect GTP-C and fill a Redis cache with correlation data. For low-speed (<= 10 Gbit) links nProbe can also be used to process GTP-U, but for higher speeds nProbe Cento should be used. In this release nProbe Cento can now use the Redis cache filled by nProbe to correlate GTP-U records with IMSIs.

Improved Fragmented Traffic Support

Fragmented traffic, especially in tunneled environments such as GTP, is now handled more efficiently. The new logic ensures more accurate flow reconstruction even with complex encapsulations like GRE+IP+GTP+IP.

Enhanced Flow Swapping Logic

Flows are now swapped by default with improved heuristics for direction detection, resulting in more consistent and accurate flow representation across monitoring setups.
For users who prefer the old behavior, the new option --disable-flow-swapping allows disabling this feature.


New Information Elements (IEs)

nProbe 11.0 expands the available set of IPFIX Information Elements to deliver richer and more granular data:

  • %TCP_STATS_SRC_TO_DST and %TCP_STATS_DST_TO_SRC: export detailed per-direction TCP statistics.
  • %NPROBE_SOURCE_ID: uniquely identify each nProbe instance in multi-probe environments.
  • %TCP_FINGERPRINT: now part of the @NTOPNG@ template for advanced TCP analysis.
  • %SRC_AS and %DST_AS: export source and destination Autonomous System numbers to ntopng.
  • Removed %BITTORRENT_HASH from the @NTOPNG@ template for efficiency and relevance.

New and Updated Command-Line Options

Several new options have been added or updated for greater flexibility:

  • --disable-flow-swapping: disable automatic flow direction swapping.
  • --ndpi-protocols-dir: load custom nDPI protocol definitions from a directory.
  • --asn-mode: for ASN analytics.
  • --zmq-fanout: broadcast flow data to all ZMQ exporters instead of using round-robin distribution.
  • Extended collector mode -3 to support TZSP packet collection.

Performance and Behavior Improvements

  • Better handling of fragmented UDP traffic in SARL fragment mode (-7).
  • Recognition of swapped ICMP echo flows.
  • ZMQ statistics are now sent on shutdown for improved monitoring.
  • Avoid exporting flows without packets in the reverse direction.
  • Improved sampling upscaling accuracy.
  • Hostnames are now included in flow exports.
  • nProbe XL exporter limit increased from 256 to 512 exporters.
  • Enhanced HTTPS support in the HTTP plugin.
  • Updated nDPI APIs for improved protocol detection and reliability.

Fixes and Stability Enhancements

This release includes a long list of fixes that improve robustness and compatibility:

  • Corrected pcap handling with --interpret-flow-packets.
  • Fixed GRE dissection and encapsulation issues.
  • Fixed bugs affecting swapped flow exports and unidirectional traffic.
  • Improved STUN detection and fixed crashes related to custom nDPI protocols.
  • Resolved invalid bitmap initialization and flow export issues.
  • Fixed nDPI initialization problems and memory leaks.

Platform & Packaging Updates

  • Added Raspberry Pi (Debian 13) packaging support.
  • Added support for Rocky Linux 10 and Debian 13.
  • Improved Windows compatibility.

Why Upgrade to nProbe 11.0?

This release focuses on deeper protocol visibility, smarter flow direction handling, and broader platform support, making it the most capable and versatile version of nProbe to date. Whether you deploy nProbe standalone, in distributed monitoring environments, or together with ntopng, upgrading ensures better accuracy, richer data export, and higher performance.

Enjoy!