Author: admin

  • Home
  • Articles by: admin
n2disk

How to build yourself a nBox Probe and Packet Recorder
If you need a network probe or a packet recorder you have two options. Grab a turn-key nBox or built it yourself using our software. In the first case you will receive a optimised system, with the right motherboard/CPU/NIC for your monitoring tasks and all software preinstalled/configured. However if you want to build yourself your nBox (e.g. you can reuse an old/spare server or get a new one if you plan to address 10 Gbit monitoring) you can now do it. Below we will describe how to build it step by …
nDPI

Configuring nDPI for Custom Protocol Detection
The first release of nDPI was basically a refresh of the OpenDPI library on which nDPI is built. Over the past few months we have made many changes including: Port to various platforms including Linux, MacOSX, Windows and FreeBSD. Enhancement of the demo pcapReader application both in terms of speed/features and encapsulations supported (for instance you can now analyse GTP-tunneled traffic). Ability to compile nDPI for the Linux kernel so that you can use it for developing efficient kernel-based modules. Various speed enhancements so that nDPI is now faster than …
nProbe

Monitoring Mobile Networks (2G, 3G, and LTE) using nProbe
Monitoring mobile networks traffic has been traditionally perceived by the telecommunications industry as something complex, costly, proprietary. This is unfortunately one of the few fields where the open-source movement  has not been able to spread much, where vendor lock-in is still the standard. Last year we visited the Mobile World Congress in Barcelona to understand more about this world (btw, it’s a crazy expo as the  cheapest entry ticket costs 900$ and up), and the conclusion is that mobile terminals are pretty open thanks to Android, but the network is …
PF_RING

Not All Servers Are Alike (With DNA) – Part 2
Some time ago, we discussed on the first part of this post, why not all servers spot the same performance with DNA. The conclusion was that beside the CPU, you need a great memory bandwidth in order to move packets from/to the NIC. So in essence CPU+memory bandwidth are necessary for granting line-rate performance. In this post we want to add some lessons learnt while playing with DNA on modern servers. Lesson 1: Not all PCIe slots are alike With the advent of PCIe gen3, computer manufacturers started to mix …
nbox

BYO10GPR: Build Your Own 10 Gbit Packet Recorder
Packet recorder appliances are one of the last network components that have insane prices. Years ago this was justified by the fact that in order to capture traffic at high speed it was mandatory to use costly custom packet capture cards and often custom-designed hardware. With the advent of multi-10 Gbit packet capture technologies on commodity hardware such as PF_RING DNA, and the availability of high-performance computers such as those based on the Intel Sandy Bridge chipset the game has changed. Modern 10K RPM 6Gb/s SATA disks enable with 8 …
nProbe

Monitoring on the MicroCloud
When I started to develop ntop in 1998, it was clear to me that the network was a huge, volatile (or semi-persistent if you wish), constantly changing database. In ntop this database is implemented in memory, where for each received packet, ntop updates the hosts, protocols, sessions, packet size….. tables. The web interface is yet another way to view the database contents using a web interface. In order not to exhaust all the available resources (memory in primis), the ntop memory database periodically purges data that is no longer accessed …
nProbe

10 Gbit (Line Rate) NetFlow Traffic Analysis using nProbe and DNA
In the past couple of years, 10 Gbit networks are gradually replacing multi-1 Gbit links. Traffic analysis is also increasingly demanding as “legacy” NetFlow v5 flows are not enough to network administrators who want to know much more of their network than simple packets/bytes accounting. In order to satisfy these needs, we have added in the latest nProbe 6.9.x releases many new features including: Flow application detection (via nDPI) Network/application latency Support of encapsulations such as GTP/Mobile IP/GRE Various metrics for computing network user-experience Extension to plugins to provide even …
ntop

ntop 5.0 Released
After a year, it’s time to release a new stable version of ntop. This version deserves a major number, 5.0, as many things have changed. Beside bug fixes and general improvements, in this release we redesigned the ntop engine, that up to version 4.x was a bit cumbersome. We now have a layer 2 (MAC Address) and layer 3 (IP address) so that the old -o flag is no longer used. Sessions are now enabled by default, as they are used widely in ntop. We update netflow collection supporting new …
nProbe

Getting More Information On Your Network Performance
This week ntop will be present at the Open Source System Management Conference 2012, that will take place this Thursday in Bolzano, Italy, organized by our partner and sponsor Würth-Phoenix. We’ll give a speech about how to analyze network performance with our nProbe/ntop applications, as well how to characterize the applications generating traffic. In fact it is important not to do generic and aggregate metric monitoring, but to characterize flow-by-flow so that we can generate alerts per-application. During the event we’ll speak about future nProbe extensions that we’ll introduce later …
Announce

Meet ntop @ Cebit 2012
All those visiting Cebit next week, will have the chance to see what we’re doing at ntop for providing better network monitoring services. We will give a presentation at the Open Source Forum next Wedn at 1.45 PM that is organized by the Linux Magazine. This would be a good time to speak and meet the ntop community. We hope to see you there. …
nProbe

SFProbe: Embedding nProbe on an SFP
In 2004 my friend Alex Tudor of Agilent involved ntop on a very challenging project. The idea was to monitor the network from the exact place where packets were originated. In fact popular network taps and span ports are not the right tools as they are added to an existing network (i.e. the network does not need them, but probes do need them). The same applies to active monitoring: traffic should be generated from the right place. So if you want to see the router-to-router latency you should let the router …
ntop

Packet Monitoring using ntop and Cisco ON100
From time to time, Cisco builds ntop-friendly products. This is the time of the Cisco ON100 network agent. This tiny device that can fit on your hand, has been integrated with ntop for the purpose of traffic monitoring as you can read on this technical note Enabling ntop Packet Monitoring with Cisco OnPlus Service. ntop is an optional application watching the second LAN port (Monitor port). The Cisco cloud service provides a web tunnel back to the ON100 to ntop’s web service. No data is interpreted, as ntop does that. This way end users can …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe