Traffic monitoring requires packets to be received and processed in a coherent matter. Some people are lucky enough to get all interesting packet on a single interface, but this is unfortunately not a common scenario anymore: The use of network taps split one full-duplex interface into two half-duplex interfaces each receiving a direction of the […]
Learning the PF_RING API
Since the initial version, PF_RING has supported the pcap API that is familiar to many developers. This has allowed people to seamlessly port existing apps on top of PF_RING, simply relinking their apps using the PF_RING-aware version of libpcap. Unfortunately the pcap API is able to exploit just a subset of the features available in […]
Accelerating Suricata with PF_RING DNA
Below you can find an excerpt of the “Suricata (and the grand slam of) Open Source IDPS” article written by our friend Peter Manev (Suricata core team) describing how to install and configure PF_RING, DNA and Suricata. The original blog entries can be found at Part One – PF_RING and Part Two – DNA. ————- […]
PF_RING 5.6.0 Released
This is to announce the release of PF_RING 5.6.0. We recommend all users to install this release as we have fixed a couple of critical bugs. Changelog: PF_RING Kernel module Fixed bug that prevented the PF_RING cluster to work properly with specific traffic Documentation User’s guide translated to russian (courtesy of ridervka@yandex.ru) Libzero Fixed bug […]
PF_RING 5.5.3 Released
Today we have released a new maintenance version of PF_RING. We suggest all users to update if possible. PF_RING Kernel module – Support for injecting packets to the stack – Added ability to balance tunneled/fragmented packets with the cluster – Improved init.d script – Packet len fix with GSO enabled, caplen fix with multiple clusters […]
Filtering n2disk-captured Packets and Replaying them at 10 Gbit using the nBox
The nBox is not just a no-cost web GUI for ntop products, but it’s a totally new experience for dealing with pcap files. n2disk is able to index packets while capturing and then filter captured packets. Once you have filtered your favourite packets (based on a BPF filter and a time span) you can then […]
Introducing nBox 2.0 (aka how to use/configure ntop apps using a web GUI)
Years ago we decided to create the nBox appliance as turn-key solution for those that were not fans of the command line. Then we decided to rewrite the nBox GUI to make it simpler, more modern, and usable by all ntop users, to configure ntop, nProbe, n2disk, PF_RING and DNA. In essence we have […]
PF_RING 5.5.2 Released
Changelog Fix for corrupted VLAN tagged packets Userspace bpf support (when using dna) PF_RING-aware igb default moved to 4.0.17 Flow Control rx/tx automatically disabled by the driver Added DAQ drivers into RPM (http://packages.ntop.org) New pfring_open() flag PF_RING_DNA_FIXED_RSS_Q_0 to send all traffic to queue 0 and select other queues with hw filters (DNA cards with hw […]
PF_RING 5.5.1 Released
ChangeLog Updated PF_RING-aware ixgbe driver (3.11.33). Update PF_RING-aware igb (4.0.17). Fixed bug that was causing ixgbe driver not to disable interrupts. This was causing a high load on the core handling the interrupts for ixgbe-based card. libzero: various hugepages improvements and bug fixes. Added ability to specify PF_RING_RX_PACKET_BOUNCE in pfring_open(). Fixed minor PF_RING memory leak. Various improvements […]
PF_RING 5.5.0 Released
New libzero features DNA Cluster: number of per-consumer rx/tx queue slots and number of additional buffers can be configured via dna_cluster_low_level_settings() hugepages support (pfdnacluster_master/pfdnacluster_multithread -u option) New PF_RING-aware libpcap features added PF_RING_ACTIVE_POLL environmental variable to enable active polling when defined to 1 enable rehash rss setting env var PF_RING_RSS_REHASH=1 cluster type selectable via env vars: […]