Author: Luca Deri

PF_RING

Modern Packet Capture and Analysis: Multi-Core, Multi-Gigabit, and Beyond

Sometimes people ask me for a tutorial about PF_RING. Last year I gave a tutorial about it at the IM 2009 conference. I think that everyone interested in using PF_RING for going beyond packet capture acceleration should read this set of slides I used for the tutorial. Today the cost of packet capture is limited with respect to packet analysis. For this reason you should use PF_RING as a framework for creating simple yet powerful traffic monitoring applications. …
ntop

Interview with Luca Deri

In this video Luca presents the ntop project and gives an outlook on future activities. It was presented during the OSS conference that took place last May in Bolzano. Finally, this short interview gives an idea of how ntop can benefit when integrated with commercial applications and vendors such as Würth-Phoenix. …
nProbe

nProbe with FastBit database: an innovative flows storage solution

nProbe, an acronym for NetFlow probe, is an open-source probe that supports both NetFlow and sFlow collection. It has been designed to keep up with Gigabit speeds on commodity hardware, and it can be used for capturing packets and analyzing networks at full speed with no (or very moderate) packet loss using PF_RING. Each captured packet is analyzed and associated with a flow record; periodically, the expired flows are emitted and exported to the specified collectors. nProbe is fully interoperable with commercial collectors and open source tools such as ntop. The …
PF_RING

Installation Guide For PF_RING

Below you can find an installation guide for PF_RING written by Gunjan Bansal. The original blog entry can be found at this URL. ————- Hi, This is my first guide so please bear with me for any discrepancies. These steps were tested on an Intel Core 2 Duo machine with 4 GB RAM and an Intel(R) PRO/1000 Network Card, with Ubuntu 9.10 installed. This guide explains the installation procedure for Version 4.3.1. PF_RING implementation by Luca Deri is a great method for efficient Packet Capture on Commodity Hardware. It can be found on …
Announce

ntop and Plixer Partnered for Advanced Flow-based Monitoring

May 17th 2010 Press Release Plixer International, Inc., a leading global provider of network traffic monitoring and analysis tools, today announced that it has partnered with NTOP of Italy to launch Scrutinizer 7.7 with nProbe™ support for advanced flow-based monitoring to analyze client, server and application latency. If the flow involves HTTP, the URL information can also be exported. With its unique software-based nProbe™ support, Scrutinizer 7.7 is the first-of-its-kind NetFlow analyzer to enable affordable remote probe deployment on individual PCs or servers to track and pinpoint traffic and application …
ntop

Extending ntop using Python

ntop was designed to be self-contained in order to spare people configuration and usage headaches. Unfortunately, the drawback is that extending ntop has always been a difficult activity, as users had to code in C and know ntop’s internals. Recently, thanks to the integration of ntop with Python, it is possible to script the application and add new features on the fly with minimal effort and no knowledge of how ntop works internally. This tutorial shows how the ntop+Python integration works, and it describes what users can do with it. …
Announce

Meet ntop @ Florence (May 9th): Opening-up ntop using Python

Pycon Conference Florence, May 7-9 2010 ntop (https://www.ntop.org) is an open-source project aimed at monitoring network traffic. Recently, in order to make the tool even more flexible than before and let people adapt it to their needs, the Python interpreter has been embedded into ntop. The result is that users can now use Python for scripting ntop or building monitoring applications in Python that leverage the ntop monitoring engine. This talk presents the ntop/Python integration and describes some real network monitoring problems that have been effectively solved using this solution. …
Announce

Meet ntop @ Zürich (June 23rd): Large-scale Flow Monitoring Through Open Source Software

AIMS 2010 Conference Tutorial Zürich, June 21-25, 2010 Large and high-speed networks produce a large number of flows that need to be collected and analyzed. Most collectors are unable to keep up with the flow export rate, and also have severe speed limitations when creating reports, due to the amount of data that needs to be analyzed. This tutorial shows how recent innovation in databases, combined with existing open-source software applications, makes flow collection and exploration of large-scale flows feasible. Furthermore, the use of web 2.0 technologies enables …
PF_RING

10 Gbit PF_RING-based Hardware Packet Filtering and Balancing Previewed at the Intel Europe Conference

Intel Research Europe Conference, Bruxelles, May 4th 2010 Luca Deri and Joseph Gasparakis, senior Intel engineer, have previewed a new PF_RING-based technology they have co-developed that allows Linux users to fully exploit the hardware capabilities of the newest Intel X520 10 Gbit adapter (based on the Intel 82599 controller). This technology, which is close to public availability (at no cost), will enable PF_RING users to program the X520 card with (over 32’000) rules that both balance and filter traffic in hardware with no CPU intervention. Linux users will be …
ntop

Meet ntop @ Bolzano (May 20th): Conference on Nagios, NTOP @ OSS Monitoring featuring Ethan Galstad and Luca Deri

Following the great interest in 2009, the successful series of international Conferences on Nagios, NTOP and OSS Monitoring will continue in 2010. The organization team of Würth Phoenix has therefore spared no effort to top last year’s agenda and bring international Nagios and OSS Monitoring experts to Bolzano/Italy. Alongside Nagios founder Ethan Galstad, the key speakers will include Michael Medin, Cacti Europe leader Reinhard Scheck, ntop founder Luca Deri, and the worldwide experienced Swedish Nagios service provider op5. The presented sessions …
nProbe

IANA Assigned a PEN to ntop

The Internet Assigned Numbers Authority (IANA) has assigned ntop the PEN (Private Enterprise Number) 35632. This means, for instance, that nProbe extensions (e.g. HTTP and VoIP traffic monitoring) will be exported via IPFIX using a valid template that will be recognized by all flow collectors available on the market. A side effect is that whoever uses ntop/nProbe to monitor their own network or to code monitoring extensions will be able to export them using a uniform template that will be handled by all applications. This is a major step …
nProbe

Collection and Exploration of Large Data Monitoring Sets Using nProbe

Collecting and exploring monitoring data is becoming increasingly challenging as networks become larger and faster. Solutions based on both SQL-databases and specialized binary formats do not scale well as the amount of monitoring information increases. This paper presents a novel approach to the problem by using a bitmap database that allowed the authors to implement an efficient solution for both data collection and retrieval. The validation process on production networks has demonstrated the advantage of the proposed solution over traditional approaches. This makes it suitable for efficiently handling and interactively …