Over the past few months we have spent quite some time to accelerate popular open-source IDS/IPS with PF_RING ZC. The result is that you now have the option to select your favourite security product as we support all, at no cost, using PF_RING ZC in both IDS and IPS mode. From our benchmarks we have […]
Building a (Cheap) 2×10 Gbit (Continuous) Packet Recorder using n2disk and PF_RING
Continuous packet recorders are devices that capture network traffic and save it to disk. The term continuous means that this activity is performed “continuously” until the device is active and not just for a few minutes. At ntop we have developed two companion applications to be used on a packet recorder: n2disk is a software […]
How to Promote Scalability with PF_RING ZC and n2disk
The number of cores per CPU is growing at a rate governed by the Moore’s law. Nowadays even low-end CPUs come with at least 4/8 cores and people want to exploit all of them before buying a new machine. It is not uncommon to see people trying to squeeze on the same machine multiple applications (n2disk, […]
PF_RING 6.0.2 Released: DKMS, Sysdig, Hardware Timestamps and much more
Today we have released a maintenance release of PF_RING that includes many fixes and enhancements. In particular: we have moved our binary packages over DKMS that will make them independent from kernel version that caused you to update whenever a new kernel version was released. Thanks to DKMS this is no longer necessary. We have […]
Visualising n2disk Captured Traffic using CloudShark
Introduction ntop users are familiar with n2disk and the nBox web interface that ease its use. As you know, the nBox includes a small web-based tool that allows you to preview pcap contents. This tool is good for having an idea of what a pcap contains but it not a fully fledged application. On the […]
Introducing on-the-fly 10 Gbit pcap compression on n2disk
Compressing pcap produced by n2disk is a good idea for a few reasons: It allows disk space to be saved as compressed data takes less space on disk. It enables the creation of cheaper packet recorder appliances as with the same hardware you can save more data onto disk and thus in some problem domain […]
Not All Servers Are Alike (With PF_RING ZC/DNA) – Part 3
We have already discussed on the first and second part of this post some common issues that might be encountered while doing high-performance packet processing. Most of the problems are related to multi-CPU servers (NUMA) and memory configuration. We have spent a lot of time creating the nBox web-GUI that is not just a graphical interface, but […]
Migrating from DNA/Libzero to PF_RING ZC
Since the introduction of PF_RING ZC (Zero Copy), we have received many inquiries about migrating from DNA/LibZero to ZC. Said that at the moment we do not plan to discontinue DNA/LibZero, we would like to summarise the differences and ease you the migration: In PF_RING 5.x (pre-ZC) there were two driver families: DNA-drivers and PF_RING-aware […]
Introducing PF_RING ZC (Zero Copy)
NOTE: The new PF_RING home is hereAfter almost 18 months of development, we are pleased to announce the release of PF_RING ZC (Zero Copy). Based on the lessons learnt with DNA and libzero, we have decided to redesign from scratch a new consistent zero-copy API that implements popular network patterns. The goal is to offer […]
Accurate 10 Gbit Traffic Reply Using disk2n
n2disk is a software application that allows to dump traffic to disk at line rate (10 Gbit full duplex) with high-accurate timestamps. This both using networks cards featuring hardware timestamps and also with software timestamps. Most companies focus just on capture to disk, whereas we believe that it is also compulsory to provide solutions for traffic […]