Author: Alfredo Cardigliano

n2disk

Introducing on-the-fly 10 Gbit pcap compression on n2disk

Compressing pcap files produced by n2disk is a good idea for a few reasons: It allows disk space to be saved, as compressed data takes less space on disk. It enables the creation of cheaper packet recorder appliances, as with the same hardware you can save more data onto disk, and thus in some problem domains you can double the capacity of your existing box. As n2disk leaves some spare CPU cycles (in particular when used on top of Napatech adapters) we have room to compress and index packets on-the-fly …
PF_RING

Not All Servers Are Alike (With PF_RING ZC/DNA) – Part 3

We have already discussed in the first and second parts of this post some common issues that might be encountered while doing high-performance packet processing. Most of the problems are related to multi-CPU servers (NUMA) and memory configuration. We have spent a lot of time creating the nBox web-GUI, which is not just a graphical interface, but a way to automatically configure ntop applications as well as report common configuration issues. For those who want to live without it, we have some additional lessons learnt to share. Lesson 1: Make sure all …
PF_RING

Migrating from DNA/Libzero to PF_RING ZC

Since the introduction of PF_RING ZC (Zero Copy), we have received many inquiries about migrating from DNA/LibZero to ZC. While at the moment we do not plan to discontinue DNA/LibZero, we would like to summarise the differences and ease the migration for you: In PF_RING 5.x (pre-ZC) there were two driver families: DNA-drivers and PF_RING-aware drivers. With the former you could operate at line-rate with DNA/LibZero, with the latter the speed was limited and you were not able to use the packets from LibZero. In ZC, there is one driver family …
PF_RING

Introducing PF_RING ZC (Zero Copy)

NOTE: The new PF_RING home is here. After almost 18 months of development, we are pleased to announce the release of PF_RING ZC (Zero Copy). Based on the lessons learnt with DNA and libzero, we have decided to redesign from scratch a new consistent zero-copy API that implements popular network patterns. The goal is to offer network application developers a simple API, able to deliver line-rate performance (from 1 to multi-10 Gbit). We have hidden all the internals and low-level details from you, in order to create a developer-centric API …
Announce

Accurate 10 Gbit Traffic Replay Using disk2n

n2disk is a software application that allows traffic to be dumped to disk at line rate (10 Gbit full duplex) with highly accurate timestamps. This works both with network cards featuring hardware timestamps and with software timestamps. Most companies focus just on capture to disk, whereas we believe that it is also compulsory to provide solutions for traffic replay by exploiting these highly accurate timestamps that have been saved in pcap files. This activity is quite challenging. Replaying traffic with high-precision timestamps is necessary for instance whenever we want to reproduce exactly the …
nProbe

How to Balance (Mobile) Traffic Across Applications Using PF_RING

Traffic monitoring requires packets to be received and processed in a coherent manner. Some people are lucky enough to get all interesting packets on a single interface, but this is unfortunately not a common scenario anymore: The use of network taps splits one full-duplex interface into two half-duplex interfaces, each receiving one direction of the traffic. Standby interfaces require traffic monitoring apps to surveil two interfaces, where traffic flows only on one interface at a time. Asymmetric traffic (i.e. all protocols similar to HTTP where the traffic in one direction is …
PF_RING

Learning the PF_RING API

Since the initial version, PF_RING has supported the pcap API that is familiar to many developers. This has allowed people to seamlessly port existing apps on top of PF_RING, simply by relinking their apps against the PF_RING-aware version of libpcap. Unfortunately the pcap API is able to exploit just a subset of the features available in the native PF_RING API, as demonstrated by the various apps we have coded to show how the native API works. In order to ease the development of new native PF_RING applications, we acknowledge it …
PF_RING

Accelerating Suricata with PF_RING DNA

Below you can find an excerpt of the “Suricata (and the grand slam of) Open Source IDPS” article written by our friend Peter Manev (Suricata core team) describing how to install and configure PF_RING, DNA and Suricata. The original blog entries can be found at Part One – PF_RING and Part Two – DNA.
Part One – PF_RING: If you have pf_ring already installed, you might want to do:
sudo rmmod pf_ring
If you are not sure if you have pf_ring installed, you can do:
sudo modinfo pf_ring …
PF_RING

PF_RING 5.6.0 Released

This is to announce the release of PF_RING 5.6.0. We recommend that all users install this release as we have fixed a couple of critical bugs. Changelog: PF_RING Kernel module – Fixed bug that prevented the PF_RING cluster from working properly with specific traffic. Documentation – User’s guide translated to Russian (courtesy of ridervka@yandex.ru). Libzero – Fixed bug that caused the DNA bouncer to process the correct packet. Examples – pfwrite – Added support for the microcloud so that for GTP traffic it is possible to dump traffic of specific IMSI phone – Added support for …
PF_RING

PF_RING 5.5.3 Released

Today we have released a new maintenance version of PF_RING. We suggest that all users update if possible. PF_RING Kernel module – Support for injecting packets to the stack – Added ability to balance tunneled/fragmented packets with the cluster – Improved init.d script – Packet len fix with GSO enabled, caplen fix with multiple clusters – Bug fixes for race condition with rss rehash, memory corruption, transparent mode and tx capture, kernels >= 3.7. Drivers – Added PF_RING-aware driver for Chelsio cards (cxgb3-2.0.0.1) – New release for PF_RING-aware igb (igb-4.1.2) …
n2disk

Filtering n2disk-captured Packets and Replaying them at 10 Gbit using the nBox

The nBox is not just a no-cost web GUI for ntop products, but it’s a totally new experience for dealing with pcap files. n2disk is able to index packets while capturing and then filter captured packets. Once you have filtered your favourite packets (based on a BPF filter and a time span) you can then download them to your PC or reproduce them at line rate (or at any speed you like). Even BPF filters are simplified with the nBox thanks to the ability to drag and drop filtering expressions …
Announce

Introducing nBox 2.0 (aka how to use/configure ntop apps using a web GUI)

Years ago we decided to create the nBox appliance as a turn-key solution for those that were not fans of the command line. Then we decided to rewrite the nBox GUI to make it simpler, more modern, and usable by all ntop users, to configure ntop, nProbe, n2disk, PF_RING and DNA. In essence we have created a new web interface that can simplify your configurations, assist with complex things such as core affinity or DNA configuration, and let you focus on ntop applications rather than on their configuration. You can download …