Author: admin

PF_RING

Using sysdig from PF_RING (and soon from all ntop apps)

Months ago Draios Inc introduced sysdig, a kernel module and user-space library for capturing system events and thus analysing what is happening on a Linux box. The idea was immediately appealing to us at ntop, for many reasons: with our tools we can analyse network packets and extract metadata (e.g. URLs, network delays, the username that performed a certain action), but only up to the system. In essence, even though we install ntopng or nProbe onto a Linux box (either physical or virtual), we currently see packets and we miss …
ntop

Introducing ntopng 1.2

ntopng 1.2 is the result of 10 months of work. We have tried both to introduce new features and to make the product more robust, easy to use, and modern. The result is a simple tool with a refreshed GUI, user preferences, and new reports to display data in new ways. Leveraging the multi-interface support, ntopng (unless a specific interface is specified) listens on all network interfaces so that you do not have to play with the command line to move from one interface to another. All the tables are …
nDPI

Released nDPI 1.5

Today we have released nDPI 1.5. The main changes include: support for additional protocols such as Redis, ZeroMQ, Collectd, Megaco. Fixed bugs in existing protocol dissectors and refreshed protocols that changed since the previous release (e.g. Skype, which is a real moving target). Major improvements to the sample ndpiReader application: added 10 Gbit DNA/ZC support when capturing live traffic. Added the ability to produce JSON reports when reading pcap file traces. Added new protocol encapsulations such as MPLS, PPPoE. Added new protocol/packet statistics (e.g. Ethernet statistics). Fixed bugs when handling IPv6 packets. Introduced …
ntop

Mini-Tutorial: Fresh Install of ntopng on Centos 7

IMPORTANT: This post contains outdated information. See README.compilation for updated instructions. This is how to compile ntopng in a fresh CentOS 7 x64 installation.

For the impatient:

# yum install -y subversion autoconf automake make gcc libpcap-devel libxml2-devel sqlite-devel libtool glib2-devel gcc-c++
$ svn co https://svn.ntop.org/svn/ntop/trunk/ntopng
$ ./autogen.sh
$ ./configure
$ make
$ ./ntopng --help
ntopng x86_64 v.1.1.4 (r7865) - (C) 1998-14 ntop.org
<snip>

Step by step description: pull the source code from the ntop svn repository. To do this, you first need to install subversion using yum as follows $ …
Announce

Introducing ntop Video Tutorials

We have been asked many times to create some videos that introduce novice users to our tools and products. Although English is not our mother tongue, we have decided to take this request seriously and start uploading them to the ntop channel. This said, we need your help and we hope that you will contribute by sharing your videos with the whole community. …
ntopng

Creating a hierarchical cluster of ntopng instances

As you know, via ZMQ you can use ntopng as a collector for nProbe instances. You can decide to merge all probes into one single ntopng interface (i.e. all the traffic will be merged and mixed) or to have an interface per probe. Example: start the remote nProbe instances as follows

[host1] nprobe --zmq "tcp://*:5556" -i ethX
[host2] nprobe --zmq "tcp://*:5556" -i ethX
[host3] nprobe --zmq "tcp://*:5556" -i ethX
[host4] nprobe --zmq "tcp://*:5556" -i ethX

If you want to merge all nProbe traffic into a single ntopng interface do:

ntopng -i tcp://host1:5556,tcp://host2:5556,tcp://host3:5556,tcp://host4:5556

If you want to …
Announce

ntop at SHARKFEST’14

The ntop core team will be at SHARKFEST in June, the annual 4-day conference focused on sharing knowledge, experience and best practices among Wireshark developers and users. Luca Deri will be among the speakers, talking about “Monitoring Mobile Network Traffic (3G/LTE)”. Join us June 16th through June 20th at the Dominican University of California in San Rafael, CA! …
nProbe

Introducing nProbe Splunk App for (Free) Network and Application Monitoring

Splunk is a popular realtime data capture, aggregation, and data visualisation system. Designed initially for handling application logs, its current version is available with a free enterprise license that can index up to 500 megabytes of data per day. We have decided to use Splunk to capture and index in realtime the flows generated by nProbe, and in particular those that contain non-numerical information, such as HTTP URLs. Splunk is versatile enough that it can be easily customised with a few mouse clicks, so that new reports, views …
Announce

Napatech and ntop will demonstrate 10 Gbps capture-to-disk at RSA and MWC

Napatech, the world’s leading supplier of network analysis adapters, and ntop, the renowned traffic monitoring software expert, today announced a collaboration focused on accelerating time to market for high-performance network management and security appliances. The first initiative is a 10 Gbps capture-to-disk solution that will be demonstrated at Mobile World Congress and RSA, February 24-28. Capture-to-disk is fast becoming a critical capability for appliances used in network management and security as well as real-time big data analytics, but it requires expertise to implement, especially for high-speed applications. Commercial-off-the-shelf (COTS) servers offer …
n2n

Using n2n with Amazon (AWS) EC2

Although we currently have no time to further develop n2n (we have put the project on hold until we have time to work on it again), this tool is still widely used. This article (courtesy of Stuart Buckell) shows how to use n2n to enable broadcast and multicast support on Amazon (AWS) EC2, which is required for certain enterprise applications and protocols. Enjoy! …
ntopng

Scripting ntopng with Lua

The ntopng architecture is divided into three layers: the ingress layer (flow or packet capture); the monitoring engine, i.e. the ntopng core, with its Lua scripting engine; and the data export layer (via web, syslog or log files). Thanks to the scripting engine, ntopng is fully scriptable. This means that via Lua you can extract the monitoring information and report it in HTML pages or export it to third-party applications. The ntopng Lua API is pretty simple: it consists of two classes, ntop and interface. ntopng also comes with some example scripts that highlight the main …