PF_RING

Migrating from DNA/Libzero to PF_RING ZC
Since the introduction of PF_RING ZC (Zero Copy), we have received many inquiries about migrating from DNA/LibZero to ZC. Said that at the moment we do not plan to discontinue DNA/LibZero, we would like to summarise the differences and ease you the migration: In PF_RING 5.x (pre-ZC) there were two driver families: DNA-drivers and PF_RING-aware drivers. With the former you could operate at line-rate with DNA/LibZero, with the latter the speed was limited and you were not able to use the packets from LibZero. In ZC, there is one driver family …
PF_RING

Introducing PF_RING ZC (Zero Copy)
NOTE: The new PF_RING home is hereAfter almost 18 months of development, we are pleased to announce the release of PF_RING ZC (Zero Copy). Based on the lessons learnt with DNA and libzero, we have decided to redesign from scratch a new consistent zero-copy API that implements popular network patterns. The goal is to offer you a simple API, able to deliver line-rate performance (from 1 to multi-10 Gbit) to network application developers. We have hidden you all the internals and low-level details, in order to create a developer-centric API …
Announce

Accurate 10 Gbit Traffic Reply Using disk2n
n2disk is a software application that allows to dump traffic to disk at line rate (10 Gbit full duplex) with high-accurate timestamps. This both using networks cards featuring hardware timestamps and also with software timestamps. Most companies focus just on capture to disk, whereas we believe that it is also compulsory  to provide solutions for traffic replay by exploiting these high-accurate timestamps that have been saved on pcap files. This activity is quite challenging. Replying traffic with high-precision timestamps it is necessary for instance whenever we want to reproduce exactly the …
nProbe

Introducing nProbe Splunk App for (Free) Network and Application Monitoring
Splunk is a popular realtime data capture, aggregation, and data visualisation system. Designed initially for handling application logs, in its current version is available  with a free enterprise license can index up to 500 megabytes of data per day. We have decided to use Splunk to capture and index in realtime flows generated by nProbe, and in particular those that contain non-numerical information, such as HTTP URLs for instance. The versatile of splunk is such that it can be easily customised with a few mouse clicks, so that new reports, views …
Announce

Napatech and ntop will demonstrate 10 Gbps capture-to-disk at RSA and MWC
Napatech, the world’s leading supplier of network analysis adapters, and ntop, the renowned traffic monitoring software expert, today announced a collaboration focused on accelerating time to market for high-performance network management and security appliances. The first initiative is a 10 Gbps capture-to-disk solution that will be demonstrated at Mobile World Congress and RSA, February 24-28. Capture-to-disk is fast becoming a critical capability for appliances used in network management and security as well as real-time big data analytics, but it requires expertise to implement, especially for high-speed applications. Commercial-off-the-shelf (COTS) servers offer …
n2n

Using n2n with Amazon (AWS) EC2
Although we currently have no time to further develop n2n (we have put the project on hold until we have time to work at it again), this tool is still widely used. This article (courtesy of Stuart Buckell) shows how to use n2n to enable broadcast and multicast support on Amazon (AWS) EC2, which is required for certain enterprise applications and protocols. Enjoy! …
nProbe

How to Balance (Mobile) Traffic Across Applications Using PF_RING
Traffic monitoring requires packets to be received and processed in a coherent matter. Some people are lucky enough to get all interesting packet on a single interface, but this is unfortunately not a common scenario anymore: The use of network taps split one full-duplex interface into two half-duplex interfaces each receiving a direction of the traffic. Standby interfaces, require traffic monitoring apps to surveil two interfaces, where traffic flows only on one interface at time. Asymmetric traffic (i.e. all protocols similar to HTTP where the traffic in one direction is …
PF_RING

Learning the PF_RING API
Since the initial version, PF_RING has supported the pcap API that is familiar to many developers. This has allowed people to seamlessly port existing apps on top of PF_RING, simply relinking their apps using the PF_RING-aware version of libpcap. Unfortunately the pcap API is able to exploit just a subset of the features available in the native PF_RING API as demonstrated by the various apps we have coded to show how to the native API works. In order to ease the development of new native PF_RING applications, we acknowledge it …
ntopng

Scripting ntopng with Lua
The ntopng architecture is divided in three layers: Ingress layer (flow or packet capture). Monitoring engine: the ntopng core. Lua scripting engine Data export layer (via web, syslog or log files). Thanks to the scripting engine, ntopng is fully scriptable. This means that via Lua you can extract the monitoring information and report it into HTML pages or export it to third party applications. The ntopng Lua API is pretty simple it consists of two classes, ntop and interface. ntopng also comes with some example scripts that highlight the main …
nProbe

Running nProbe and ntopng on Ubiquity EdgeRouter Lite
On this blog we have already discussed on how to compile and run ntopng and nProbe on a BeagleBoard and Raspberry Pi. Now we explain (courtesy of  Shane Graham) how to achieve the same on a Ubiquity EdgeRouter Lite, a cheap yet powerful router. First, setup the proper Debian repository: configure set system package repository squeeze components 'main contrib non-free' set system package repository squeeze distribution squeeze set system package repository squeeze url http://http.us.debian.org/debian set system package repository squeeze-security components main set system package repository squeeze-security distribution squeeze/updates set system package repository …
PF_RING

Accelerating Suricata with PF_RING DNA
Below you can find an excerpt of the “Suricata (and the grand slam of) Open Source IDPS” article written by our friend Peter Manev (Suricata core team) describing how to install and configure PF_RING, DNA and Suricata. The original blog entries can be found at Part One – PF_RING and Part Two – DNA. ————- Part One – PF_RING If you have pf_ring already installed, you might want to do: sudo rmmod pf_ring If you are not sure if you have pf_ring installed , you can do: sudo modinfo pf_ring …
ntopng

ntopng 1.1 Released
This is to announce the release of ntopng 1.1. The main changes with respect to 1.0 include: Enhanced web GUI with new menus and extension of previous sections. Ability to specify multiple interfaces simulatenously (just repeat -i). Performance improvements both in nDPI and the ntopng engine (yes multi-Gbit traffic analysis is possible). Several enhancements to the flow collection interface (note that you need the very latest nProbe) that is not much faster and written in native C++ code. Added Google Maps support and HTML 5 map geolocation support. Ability to save …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe