Author: Alfredo Cardigliano

  • Home
  • Articles by: Alfredo Cardigliano
ntop

The Brand New nBox UI is Out
As announced during the last ntop Webinar, the new nBox UI has been released! What is nBox UI? nBox UI is a web-based User Interface that simplifies the ntop’s software configurations (ntopng, nProbe, nProbe Cento, n2disk, …), assisting with complex things such as creating configuration files and managing the services and let you focus on playing with the applications. nBox UI also helps you manage the box, with the ability to configure the box connectivity, users, etc. nBox UI is in practice what we use to build our nBox Recorder …
ntop

Introducing PF_RING 8.4: Zero-Copy Promisc Capture on Virtual Functions
This is to announce a new PF_RING release 8.4 ! This stable release adds zero-copy support for a new range of (virtual) adapters from Intel: the iavf-zc driver can be used to capture traffic from i40e (X710/XL710) and ice (E810) Virtual Functions. This new driver paves the way for new packet capture architectures as it enables high-speed promiscuous capture on Virtual Functions by leveraging on the SR-IOV trust mode available on Intel X710/XL710 adapters. It is now possible for instance to capture all traffic hitting the physical interface from multiple …
ntop

ntop Professional Training: November 2022
ntop tools are continuously evolving and getting extended in order to take into account new requirements. Every new release adds many new features that needs to be mastered. In addition to this, new users demand professional training to quickly learn our tools and be productive in limited time. For this reason ntop offers professional training in addition to periodic webinars, video tutorials, and community support. This is to announce that the next ntop Professional Training will take place in November 2022. This ntop training mainly focus on ntopng, new features, …
PF_RING

Introducing PF_RING 8.2: New Mellanox Support
This is to announce a new PF_RING release 8.2! This new stable version adds support for a new family of ASIC-based adapters from Mellanox/NVIDIA, including ConnectX-5 and ConnectX-6 (please check the User’s Guide for the exact list of supported firmwares). This new driver/adapter combination delivers high performance (in our tests nProbe Cento was able to scale up to 100 Gbps with worst case traffic using a few CPU cores) and provides high flexibility, with support for hardware packet filtering, traffic duplication, load-balancing and nanosecond hardware timestamping as described in a previous post. This …
ntop

ntop Professional Training: May 2022
This is to announce that the next ntop professional training will take place in May 2022. All those who are using ntop tools for business are invited to attend this session. The idea is to divide the training in 5 session of 90 minutes each, so that you can attend the training without having to leave your daily activities. At this page can read more about training content, costs, and registration information Make sure to join it ! …
ntop

Introducing PF_RING ZC Support for Mellanox Adapters
PF_RING ZC is ntop’s high-speed zero-copy technology for high speed packet capture and processing. Until now ZC supported 10/40/100 Gbit adapters from Intel based on ASIC chips, in addition to the FPGA-based 100 Gbit adapters already supported by PF_RING including Accolade/Napatech/Silicom. This post is to announce a new ZC driver, known as mlx, supporting a new family of 100 Gbit ASIC-based adapters, this time from Mellanox/NVIDIA, including ConnectX-5 and ConnectX-6 adapters. The supported ConnectX adapters from Mellanox, in combination with the new mlx driver, demonstrated to be capable of high performance, by …
ntop

Introducing PF_RING 8.0: Batch Packet Processing and XDP Support
This is to announce a new PF_RING release 8.0. This new stable version includes enhancements for improving application performances, by adding support for batch processing also in the standard API (it was already available in the ZC API), and consolidates XDP support, which has been reworked to fully leverage on the latest Zero-Copy support and buffers management and take full advantage of the native batch capture. This release also adds support for the latest kernels to the ZC drivers for Intel adapters, including those shipped with CentOS (8.4) and Ubuntu LTS (20) …
cento

Introducing nProbe Cento 1.14
This is to announce a new release of the ntop’s 100 Gbit probe, nProbe Cento 1.14. In this version we have integrated the latest features from nDPI, the ntop’s Deep-Packet-Inspection engine, that is now 2.5x faster than the previous version. Flows are enriched with Flow Risks, which represents a set of issues detected by nDPI, and a Flow Score, which is computed based on the risks severity, to indicates how bad is each flow. The flow dump has also been improved by adding the Community ID (a flow identifier which …
nScrub

A Step-By-Step Guide for Protecting Your Network with nScrub
Distributed Denial of Service (DDoS) attacks represent a family cyber-attacks that are more and more common nowadays. They aim to make the service unavailable by overwhelming the victim with high traffic volumes (this is the case of volumetric or amplification attacks based on UDP, ICMP, DNS, …) or an high number of requests (including TCP connection attacks like the SYB flood, or Layer 7 attacks able to exhaust the resources of the service at the application level). This differentiate them from other cyber-attacks like intrusion attacks or malwares aiming to destroying, stealing …
n2disk

Exploiting Arista MetaWatch with n2disk and ntopng: HighRes Timestamping and Analytics
Precise packet timestamping is a key feature for network traffic analysis and troubleshooting. Traditionally many people use FPGA-based NICs with precise timestamping (e.g. Napatech, Silicom) even though a good precision can be obtained with PTP-based NICs such as many Intel network adapters. A better alternative to this practice is to avoid ad all using specialised adapters and rely on existing network devices to timestamp packets. Arista packet brokers with MetaWatch  can be configured to add an extra trailer (Metamako) with metadata to every captured packet. In fact Arista 7150 Series …
n2disk

Introducing n2disk 3.6: full L7 support, fast flow export, replay rate control
This is to announce a new n2disk release 3.6. This release adds full support for indexing and retrieving traffic based on the Layer-7 application protocol. This can now be enabled even when flow export is disabled, and it is possible to use the extraction tool to extract selected application traffic using the Layer-7 protocol as part of the nBPF filter. n2disk is now also able to use the main storage as a cache, and in the meantime archive pcap files moving them from the fast to a slower storage, even …
ntop

Introducing PF_RING 7.8: ZC support for new Intel adapters and much more
This is to announce a new PF_RING major release 7.8. The main changes in this release include: The new ice ZC driver supporting E800 Series 100 Gigabit Intel adapters. Hardware timestamp support  for packet trailers and keyframes generated by Arista 7150 Series and Metawatch. This also includes device information such as the Device ID and the Port ID. BPF support for all ZC devices and queues, both to filter received or transmitted traffic. ZC API extensions to further simplify its use, which is one of the main advantages of this …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe