PF_RING supports nsec timestamps from some modern NICs, such as those based on the Intel 82580 (e.g. Silicom PE2G4i80). But NIC timestamps require installing and running the application on the machine where the adapter is installed. Furthermore, by the time the traffic gets from the wire to the the NIC, its temporal behavior might have […]
nProbe IPFIX Interoperability Tests
Over the past month quite a lot of effort has been put on the IPFIX side of nProbe. Recently, nProbe has been successfully verified by Juniper as an IPFIX (in addition to v9) collector for flows generated by Juniper MX routers, and Cisco Catalyst 4948E switches. In order to further guarantee users that nProbe respects the […]
Developing Monitoring Applications based on PF_RING
Many people use PF_RING just as a “better” libpcap. PF_RING is much more than that, as it can significantly simplify the design of network monitoring applications as well better exploit modern multi-core architectures and network adapters. For those willing to dive into PF_RING, I have released an updated user’s guide that can introduce you to […]
Using Hardware Timestamps with PF_RING
Up to some years ago, hardware timestamps were available only on costly FPGA-based NICs. Slowly, NIC manufactures started to consider hw timestamps as an important feature, and they started to introduce them in new cards. As of today Silicom PE2Gi80, Intel 1 Gbit Ethernet Server Adapter i340 (1 Gbit) and Neterion X3110/X3120 (10 Gbit) offer […]
Say hello to NetFlow-Lite (NFLite)
As you all know, NetFlow has been initially designed for routers (or L3 switches if you wish), contrary to sFlow that instead has been deployed mostly on switches. In this view, people use NetFlow just for monitoring internet traffic, as NetFlow is not supported across the product portfolio due to dedicated ASIC required. NetFlow-lite (first […]
Cisco(Live) and ntop
Just like Apple is the computer brand I use since 1985, for me Cisco is the networking company, the one that created the first routers and switches on which the Internet was built. It has been a great surprise when last summer I have been contacted by a Cisco representative, who has asked me whether I […]
PF_RING and transparent_mode
Many PF_RING users know that for avoid patching the Linux kernel, as of PF_RING 4.x packets are received though NAPI. This means that the packet journey is the same used in standard Linux, thus the performance improvement with respect to vanilla Linux is minimal (< 5%) although PF_RING allows to do many more things than […]
HTTP Traffic Analysis Using nProbe and Scrutinizer
Are you interested in getting URL information from NetFlow? The nProbe NetFlow probe or the nBox can do it. Paul at Plixer International recently wrote a blog on Recommended nProbe Templates. For a foundation on this topic, check out his blog. As an extension of his blog, I’ll explain how to get URLS from the […]
ntop in 2011
Most of you know only small pieces of the ntop project. I have decided to prepare a few slides that you can use as tutorial for showing how the various project components can be used to efficiently monitor networks, and what you can expect in 2011 from this project (see for instance vPF_RING and n2disk). […]
Latency using NetFlow from the nProbe: Part 1
nProbe v6 features both network and application latency measurement. Our partner Ravica has written a nice tutorial on this subject.