Author: admin

  • Home
  • Articles by: admin
nbox

BYO10GPR: Build Your Own 10 Gbit Packet Recorder
Packet recorder appliances are one of the last network components that have insane prices. Years ago this was justified by the fact that in order to capture traffic at high speed it was mandatory to use costly custom packet capture cards and often custom-designed hardware. With the advent of multi-10 Gbit packet capture technologies on commodity hardware such as PF_RING DNA, and the availability of high-performance computers such as those based on the Intel Sandy Bridge chipset the game has changed. Modern 10K RPM 6Gb/s SATA disks enable with 8 …
nProbe

Monitoring on the MicroCloud
When I started to develop ntop in 1998, it was clear to me that the network was a huge, volatile (or semi-persistent if you wish), constantly changing database. In ntop this database is implemented in memory, where for each received packet, ntop updates the hosts, protocols, sessions, packet size….. tables. The web interface is yet another way to view the database contents using a web interface. In order not to exhaust all the available resources (memory in primis), the ntop memory database periodically purges data that is no longer accessed …
nProbe

10 Gbit (Line Rate) NetFlow Traffic Analysis using nProbe and DNA
In the past couple of years, 10 Gbit networks are gradually replacing multi-1 Gbit links. Traffic analysis is also increasingly demanding as “legacy” NetFlow v5 flows are not enough to network administrators who want to know much more of their network than simple packets/bytes accounting. In order to satisfy these needs, we have added in the latest nProbe 6.9.x releases many new features including: Flow application detection (via nDPI) Network/application latency Support of encapsulations such as GTP/Mobile IP/GRE Various metrics for computing network user-experience Extension to plugins to provide even …
ntop

ntop 5.0 Released
After a year, it’s time to release a new stable version of ntop. This version deserves a major number, 5.0, as many things have changed. Beside bug fixes and general improvements, in this release we redesigned the ntop engine, that up to version 4.x was a bit cumbersome. We now have a layer 2 (MAC Address) and layer 3 (IP address) so that the old -o flag is no longer used. Sessions are now enabled by default, as they are used widely in ntop. We update netflow collection supporting new …
nProbe

Getting More Information On Your Network Performance
This week ntop will be present at the Open Source System Management Conference 2012, that will take place this Thursday in Bolzano, Italy, organized by our partner and sponsor Würth-Phoenix. We’ll give a speech about how to analyze network performance with our nProbe/ntop applications, as well how to characterize the applications generating traffic. In fact it is important not to do generic and aggregate metric monitoring, but to characterize flow-by-flow so that we can generate alerts per-application. During the event we’ll speak about future nProbe extensions that we’ll introduce later …
Announce

Meet ntop @ Cebit 2012
All those visiting Cebit next week, will have the chance to see what we’re doing at ntop for providing better network monitoring services. We will give a presentation at the Open Source Forum next Wedn at 1.45 PM that is organized by the Linux Magazine. This would be a good time to speak and meet the ntop community. We hope to see you there. …
nProbe

SFProbe: Embedding nProbe on an SFP
In 2004 my friend Alex Tudor of Agilent involved ntop on a very challenging project. The idea was to monitor the network from the exact place where packets were originated. In fact popular network taps and span ports are not the right tools as they are added to an existing network (i.e. the network does not need them, but probes do need them). The same applies to active monitoring: traffic should be generated from the right place. So if you want to see the router-to-router latency you should let the router …
ntop

Packet Monitoring using ntop and Cisco ON100
From time to time, Cisco builds ntop-friendly products. This is the time of the Cisco ON100 network agent. This tiny device that can fit on your hand, has been integrated with ntop for the purpose of traffic monitoring as you can read on this technical note Enabling ntop Packet Monitoring with Cisco OnPlus Service. ntop is an optional application watching the second LAN port (Monitor port). The Cisco cloud service provides a web tunnel back to the ON100 to ntop’s web service. No data is interpreted, as ntop does that. This way end users can …
PF_RING

Precise Interface Merging Without Hardware Timestamps
In network monitoring it is very common to use taps for duplicating network traffic (RX and TX directions). Taps are important as they allow network probes to operate passively without interfering with network operations. The two traffic directions (A to B and B to A) are plugged into two network ports of the probe. Having the two directions separated has advantages (e.g. packets are not mixed across directions) and disadvantages. The main disadvantage is that when reading packets from the two interfaces, it is not possible to know which packet …
Announce

Say hello to nDPI (Network DPI)
The equation “port = (application) protocol” no longer holds. DPI (Deep Packet Inspection) is the way to detect known protocols on non-known ports (e.g. http on ports other than 80) and traffic on know port that is not the one we expect (e.g. skype on port 80). On a nutshell, we need to look at packet content and see what’s inside. P2P protocols have been designed from day one with the ability to circumvent network policies in order to reach their peers, and they are good example of places where …
PF_RING

DNA vs netmap
In the past months I have received a few emails about how to position DNA with respect to netmap. To many people they look like two competing solutions, but in reality they are just two solutions to the same problem. Yesterday I had a nice meeting with Luigi Rizzo, the author of netmap. I personally know Luigi since almost 15 years as we both live pretty close. The first time I saw him (1999 or so) he was hacking a driver for a CD-ROM drive on FreeBSD while speaking with …
nProbe

Using nProbe for Solving General Traffic Monitoring Tasks
Most people use nProbe just as a basic NetFlow/IPFIX probe where traffic monitoring is limited to packet header analysis, without further dissecting protocols. This practice is very common inside the NetFlow community and it’s one of the reasons why flow-based analysis has not changed much since its inception. Fortunately nProbe can do much more than this (e.g. it can inspect traffic on tunnels, or geo-locate flow peers), and below are just some use cases: Browsing the Internet is slow, some URLs cannot be accessed Most likely the DNS is not …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe