nDPI

Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification
From time to time we receive emails form people asking how nDPI compares with other similar toolkits. Licio Marchetti has shared this report Comparison of Deep Packet Inspection (DPI) Tools for Traffic Classification written by the Universitat Politècnica de Catalunya that says: “the best accuracy we obtained from NDPI (91 points), PACE (82 points), UPC MLA (79 points), and Libprotoident (78 points)”. So nDPI looks in good shape 🙂 This said, last week we have improved quite bit the Bittorrent and Skype dissectors and we have create a small test tool that demonstrate …
PF_RING

PF_RING 5.6.0 Released
This is to announce the release of PF_RING 5.6.0. We recommend all users to install this release as we have fixed a couple of critical bugs. Changelog: PF_RING Kernel module Fixed bug that prevented the PF_RING cluster to work properly with specific traffic Documentation User’s guide translated to russian (courtesy of ridervka@yandex.ru) Libzero Fixed bug that caused the DNA bouncer to process the correct packet Examples pfwrite Added support for the microcloud so that for GTP traffic it is possible to dump traffic of specific IMSI phone Added support for …
PF_RING

PF_RING 5.5.3 Released
Today we have released a new maintenance version of PF_RING. We suggest all users to update if possible. PF_RING Kernel module – Support for injecting packets to the stack – Added ability to balance tunneled/fragmented packets with the cluster – Improved init.d script – Packet len fix with GSO enabled, caplen fix with multiple clusters – Bug fixes for race condition with rss rehash, memory corruption, transparent mode and tx capture, kernels >= 3.7. Drivers – Added PF_RING-aware driver for Chelsio cards (cxgb3-2.0.0.1) – New release for PF_RING-aware igb (igb-4.1.2) …
ntop

It’s time for a completely new ntop. Say hello to ntopng.
15 years are past since the first version of ntop. In 1998 network monitoring requirements were very different from today: few protocols (mostly in plain text) to monitor, IP was not yet “the only protocol”, low network speed, very few connected hosts, no iPhones yet, raspberry was still a fruit, Linux was still for geeks. In 2013 the whole picture is very different. One gigabit links are now commodity (10 Gbit is around the corner), (too?) many hosts interconnected and mobile, application protocols (e.g. Spotify or Skype) are “the” protocols …
PF_RING

Who (Really) Needs Sub-microsecond Packet Timestamps?
Introduction For years network adapter manufacturer companies have educated their customers that network monitoring applications can’t live without hardware packet timestamps (i.e. the ability for the network adapter to report to the driver the time a given packet was sent or received). State of the art FPGA-based network adapters [1, 2, 3] have hardware timestamps with a resolution of +/- ~10 nsec and accuracy of +/- ~50 nsec so that monitoring applications can safely assume an accuracy of  100 nsec in measurements, for sub-usec measurements. Commodity adapters such as Intel 1 …
n2disk

Learning The ntop World of Apps
The main criticism to ntop is the lack of documentation. This is because we have to maintain many projects, have little time, and also because we prefer coding to documentation. We decided to fill this gap and give a positive answer to your requests: We have created the nBox GUI to enable you to use all our applications without the pain of compiling and configuring them. This is a free product that everyone can use to build their own measurement gear or just to start ntop using a web browser. …
n2disk

How to build yourself a nBox Probe and Packet Recorder
If you need a network probe or a packet recorder you have two options. Grab a turn-key nBox or built it yourself using our software. In the first case you will receive a optimised system, with the right motherboard/CPU/NIC for your monitoring tasks and all software preinstalled/configured. However if you want to build yourself your nBox (e.g. you can reuse an old/spare server or get a new one if you plan to address 10 Gbit monitoring) you can now do it. Below we will describe how to build it step by …
nDPI

Configuring nDPI for Custom Protocol Detection
The first release of nDPI was basically a refresh of the OpenDPI library on which nDPI is built. Over the past few months we have made many changes including: Port to various platforms including Linux, MacOSX, Windows and FreeBSD. Enhancement of the demo pcapReader application both in terms of speed/features and encapsulations supported (for instance you can now analyse GTP-tunneled traffic). Ability to compile nDPI for the Linux kernel so that you can use it for developing efficient kernel-based modules. Various speed enhancements so that nDPI is now faster than …
n2disk

Filtering n2disk-captured Packets and Replaying them at 10 Gbit using the nBox
The nBox is not just a no-cost web GUI for ntop products, but it’s a totally new experience for dealing with pcap files. n2disk is able to index packets while capturing and then filter captured packets. Once you have filtered your favourite packets (based on a BPF filter and a time span) you can then download them to your PC or reproduce them at line rate (or at any speed you like). Even BPF filters are simplified with the nBox thanks to the ability to drag and drop filtering expressions …
Announce

Introducing nBox 2.0 (aka how to use/configure ntop apps using a web GUI)
Years ago we decided to create the nBox appliance as turn-key solution for those that were not fans of the command line. Then we decided to rewrite the nBox GUI to make it simpler, more modern, and usable by all ntop users, to configure ntop, nProbe, n2disk, PF_RING and DNA.   In essence we have created a new web interface that can simplify your configurations, assist with complex things such as core affinity or DNA configuration, and let you focus on ntop applications rather than on their configuration. You can download …
PF_RING

PF_RING 5.5.2 Released
Changelog Fix for corrupted VLAN tagged packets Userspace bpf support (when using dna) PF_RING-aware igb default moved to 4.0.17 Flow Control  rx/tx automatically disabled by the driver Added DAQ drivers into RPM (http://packages.ntop.org) New pfring_open() flag PF_RING_DNA_FIXED_RSS_Q_0 to send all traffic to queue 0 and select other queues with hw filters (DNA cards with hw filtering only) Added check for modern libc versions New pfdnacluster_mt_rss_frwd sample app (packet forwarding using libzero dna cluster for rx/balancing and standard dna with zero-copy on rss queues for tx) Added ability to create a …
nProbe

Monitoring Mobile Networks (2G, 3G, and LTE) using nProbe
Monitoring mobile networks traffic has been traditionally perceived by the telecommunications industry as something complex, costly, proprietary. This is unfortunately one of the few fields where the open-source movement  has not been able to spread much, where vendor lock-in is still the standard. Last year we visited the Mobile World Congress in Barcelona to understand more about this world (btw, it’s a crazy expo as the  cheapest entry ticket costs 900$ and up), and the conclusion is that mobile terminals are pretty open thanks to Android, but the network is …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe