Author: admin

nProbe

Flow-Based Monitoring, Troubleshooting and Security using nProbe

nProbe is a tool developed over the last 10 years, and thus it has been extended and improved year by year. However, many users, even those who have been using it for a long time, might not know all its features. Next week at Flocon 2017, I will give a talk about nProbe. The idea is to position nProbe (e.g. against the popular YAF tool), highlight what people can do with it (in addition to traffic monitoring and troubleshooting) and show that nProbe is much more than a network sensor. I invite …
nProbe

Monitoring VoIP Traffic with nProbe and ntopng

VoIP applications usually limit their monitoring capabilities to the generation of CDR (Call Data Records) that are used for the generation of billing/consumption data. In essence, you know how many calls a certain user/number has made, the duration, etc. While this information can be enough for basic monitoring, it is not enough for guaranteeing reliable call quality, as these systems are essentially blind with respect to call quality. Wireshark can analyse both call signalling and voice, but it is a troubleshooting tool, meaning that it cannot be used for permanent …
cento

Stream That Flow: How to Publish nProbe/Cento Flows in a Kafka Cluster

Apache Kafka can be used across an organization to collect data from multiple sources and make them available in a standard format to multiple consumers, including Hadoop, Apache HBase, and Apache Solr. The integration of nProbe, and its ultra-high-speed sibling nProbe Cento, with the Kafka messaging system makes them good candidate sources of network data. The delivery of network data to a redundant, scalable, and fault-tolerant messaging system such as Kafka enables companies to protect their data even in-flight, that is, when the consolidation in a database has still to occur. An impatient reader who is eager to use Cento for …
ntopng

ntopng MySQL Flow Export: Increase the Maximum Number of Open Files

ntopng uses partitioned MySQL tables when storing flows. As MySQL needs a file handle for each partition and its index, it is important to make sure that the open_files_limit is large enough to allow the process to keep all these files open. Typically, the default value of open_files_limit works out of the box, but some packages/distributions keep this number pretty low. When the current value is too low, ntopng can show errors such as [MySQLDB.cpp:55] ERROR: MySQL error: Out of resources when opening file './ntopng/flowsv6#P#p23.MYD' (Errcode: 24 - Too many open files) [rc=-1] …
News

ntop Users Meeting 2016 Retrospective

Earlier this week we organised an ntop users’ workshop hosted at Sharkfest EU 2016. For those who were not able to attend this session, below you can find the slides we used for the presentation: Introduction; ntopng: Web-based Traffic Analysis; nDPI: Open Source Deep Packet Inspection; PF_RING: High-Speed Traffic Processing; Hands-On Session; Product Roadmap. Feel free to contact us if you have any questions. …
nProbe

ntop and Kentik bring nProbe to the Cloud

Traditionally, nProbe is used as a host-based network monitoring probe able to produce “augmented” flow records including performance monitoring, security and visibility information. We have a common vision with Kentik of how network instrumentation needs to evolve beyond “just” bytes and packets-based NetFlow, and of how that can enable users to understand network performance and security challenges. This year, we entered a partnership with Kentik to leverage nProbe to export rich network metrics to the Kentik Detect big data network analytics cloud platform, and we’re proud to announce the first …
Announce

You’re Invited to the ntop Users Meeting and (free) Tutorial

Earlier this year we held an ntop meetup in the USA. Now we want to invite you to attend the ntop users meeting that will take place on October 17th (2 PM-5 PM), during the SharkFest Europe 2016 conference. The idea is to meet the ntop community, present our tools, highlight future work items and teach you how to master our tools. The ntop core team will be present at the event, and we would like to meet our users in person as we need to learn what are the things we …
nProbe

Flow-based Monitoring: nProbe Cento vs Standard/Pro

Since the introduction of nProbe Cento, we periodically receive emails from users wondering what the differences between these two applications are. This post is to clarify the differences and better position them. The nProbe family is a set of flow-oriented applications, meaning that each packet is not handled individually but as part of a flow (e.g. a TCP connection or a UDP communication such as a VoIP call). This task is significantly more expensive than handling packets individually because we need both to keep the flow state and process packets in …
ntopng

ntopng 2.6 Roadmap

As we have released 2.4, it is now time to plan for the next release and highlight the list of features we plan to implement so we can start a discussion and get some feedback. The major changes we would like to introduce include: Rework interface views to make them more efficient and not an expecting as they are today. Add full support for sFlow/NetFlow so that we can keep per interface statistics as many other collectors do. Introduce some “enterprise-oriented” features such as per-AutonomousSystem statistics and traffic accounting, qcreate …
Guides

Best Practices for Efficiently Running ntopng

The default ntopng configuration is suitable for most of our users who deploy it on a home network or small enterprise network (typically a /24 network) with link speed <= 100 Mbit. This does NOT mean that ntopng cannot operate on faster/larger networks, but that it cannot be used without any configuration. The first things to modify are the -x/-X settings. You need to set them to double the max size you expect on your network. For example, if you expect to have (including both local and remote hosts) at most …
ntopng

Announcing ntopng 2.4: Efficiency is Beauty

At ntop we are on a mission to develop enterprise-grade networking software, mostly open-source, and free of charge for non-profit/research organizations. Since our inception, we have been passionately and resiliently developing software to allow our users to monitor, protect, and preserve their network infrastructure. And we have been doing this in a relentless pursuit of the best and most efficient solution. We know that in the big-data era it is becoming increasingly easy to “add an extra appliance” — after all, it’s not that expensive — but this is not at the heart of our …