nProbe

Monitoring Mobile Networks (2G, 3G, and LTE) using nProbe
Monitoring mobile networks traffic has been traditionally perceived by the telecommunications industry as something complex, costly, proprietary. This is unfortunately one of the few fields where the open-source movement  has not been able to spread much, where vendor lock-in is still the standard. Last year we visited the Mobile World Congress in Barcelona to understand more about this world (btw, it’s a crazy expo as the  cheapest entry ticket costs 900$ and up), and the conclusion is that mobile terminals are pretty open thanks to Android, but the network is …
PF_RING

Not All Servers Are Alike (With DNA) – Part 2
Some time ago, we discussed on the first part of this post, why not all servers spot the same performance with DNA. The conclusion was that beside the CPU, you need a great memory bandwidth in order to move packets from/to the NIC. So in essence CPU+memory bandwidth are necessary for granting line-rate performance. In this post we want to add some lessons learnt while playing with DNA on modern servers. Lesson 1: Not all PCIe slots are alike With the advent of PCIe gen3, computer manufacturers started to mix …
PF_RING

PF_RING 5.5.1 Released
ChangeLog Updated PF_RING-aware ixgbe driver (3.11.33). Update PF_RING-aware igb (4.0.17). Fixed bug that was causing ixgbe driver not to disable interrupts. This was causing a high load on the core handling the interrupts for ixgbe-based card. libzero: various hugepages improvements and bug fixes. Added ability to specify PF_RING_RX_PACKET_BOUNCE in pfring_open(). Fixed minor PF_RING memory leak. Various improvements to support of hardware timestamp on Silicom Intel-based 10 Gbit adapters. DNA Bouncer: added direction to pfring_dna_bouncer_decision_func callback (useful in bidirectional mode). DNA Cluster: added dna_cluster_set_hugepages_mountpoint() to manually select the hugepages mount point when several …
nbox

BYO10GPR: Build Your Own 10 Gbit Packet Recorder
Packet recorder appliances are one of the last network components that have insane prices. Years ago this was justified by the fact that in order to capture traffic at high speed it was mandatory to use costly custom packet capture cards and often custom-designed hardware. With the advent of multi-10 Gbit packet capture technologies on commodity hardware such as PF_RING DNA, and the availability of high-performance computers such as those based on the Intel Sandy Bridge chipset the game has changed. Modern 10K RPM 6Gb/s SATA disks enable with 8 …
PF_RING

PF_RING 5.5.0 Released
New libzero features DNA Cluster: number of per-consumer rx/tx queue slots and number of additional buffers can be configured via dna_cluster_low_level_settings() hugepages support (pfdnacluster_master/pfdnacluster_multithread -u option) New PF_RING-aware libpcap features added PF_RING_ACTIVE_POLL environmental variable to enable active polling when defined to 1 enable rehash rss setting env var PF_RING_RSS_REHASH=1 cluster type selectable via env vars: PCAP_PF_RING_USE_CLUSTER_PER_FLOW PCAP_PF_RING_USE_CLUSTER_PER_FLOW_2_TUPLE PCAP_PF_RING_USE_CLUSTER_PER_FLOW_4_TUPLE PCAP_PF_RING_USE_CLUSTER_PER_FLOW_TCP_5_TUPLE PCAP_PF_RING_USE_CLUSTER_PER_FLOW_5_TUPLE New PF_RING-aware drivers Updated Intel drivers to make them compatible with newer kernels New PF_RING library features new pfring_open() flag PF_RING_HW_TIMESTAMP for enabling hw timestamp New PF_RING kernel module features …
n2disk

Using n2disk for 10 Gbit line-rate packet-to-disk
Packet-to-disk is the ability to dump network packets to disk. This activity is important for implementing a sort of “network time machine” so that when something unexpected happens, you have the ability to access the raw packets and thus inspect the cause of the problems. Implementing efficient packet-to-disk requires high-speed packet capture, speedy disks, and efficient packet dump software. We started to work on this field, a few years ago when creating a packet-to-disk application for 1 Gbit networks, named n2disk. Today we are introducing the second generation of n2disk …
nProbe

Monitoring on the MicroCloud
When I started to develop ntop in 1998, it was clear to me that the network was a huge, volatile (or semi-persistent if you wish), constantly changing database. In ntop this database is implemented in memory, where for each received packet, ntop updates the hosts, protocols, sessions, packet size….. tables. The web interface is yet another way to view the database contents using a web interface. In order not to exhaust all the available resources (memory in primis), the ntop memory database periodically purges data that is no longer accessed …
PF_RING

Accelerating Snort with PF_RING DNA
Since some time, PF_RING includes a DAQ (Data AcQuisition library) module for the popular Snort IDS/IPS. With respect to Linux AF_PACKET, the use of PF_RING significantly accelerates all snort operations. We have recently created a new DAQ module that adds native PF_RING DNA support, further accelerating the vanilla PF_RING DAQ module from 20 to 50%. The support of DNA in addition to greater speed, also has the advantage of exploiting symmetric RSS, so that you can run one snort instance per RX queue and be sure that such instance will …
nProbe

10 Gbit (Line Rate) NetFlow Traffic Analysis using nProbe and DNA
In the past couple of years, 10 Gbit networks are gradually replacing multi-1 Gbit links. Traffic analysis is also increasingly demanding as “legacy” NetFlow v5 flows are not enough to network administrators who want to know much more of their network than simple packets/bytes accounting. In order to satisfy these needs, we have added in the latest nProbe 6.9.x releases many new features including: Flow application detection (via nDPI) Network/application latency Support of encapsulations such as GTP/Mobile IP/GRE Various metrics for computing network user-experience Extension to plugins to provide even …
ntop

ntop 5.0 Released
After a year, it’s time to release a new stable version of ntop. This version deserves a major number, 5.0, as many things have changed. Beside bug fixes and general improvements, in this release we redesigned the ntop engine, that up to version 4.x was a bit cumbersome. We now have a layer 2 (MAC Address) and layer 3 (IP address) so that the old -o flag is no longer used. Sessions are now enabled by default, as they are used widely in ntop. We update netflow collection supporting new …
PF_RING

Using PF_RING DAQ for high-performance 1/10 Gbit Snort-based IDS/IPS
Months ago we have started to design a new PF_RING DAQ module for snort. We decided to do this project with ENEO Tecnologia who has both sponsored the development and helped us to implement all those tiny features that turned PF_RING DAQ from a simple DAQ adapter to a full fledged module. One of the decisions we made, was to make this new DAQ module able to operate on vanilla PF_RING and also DNA (so that everyone could benefit), and to support complex topologies. In non-DNA mode, we leveraged on …
PF_RING

PF_RING DNA/Libzero vs Intel DPDK
From time to time, we receive inquiries asking us to position PF_RING (DNA and Libzero) against Intel DPDK (Data Plane Development Kit). As we have no access to DPDK, all we can do is to compare these two technologies by looking at the documents about DPDK we can find on the Internet. The first difference is that PF_RING is an open technology, whereas DPDK is available only to licensees. Looking at DPDK performance reports, PF_RING seems to be slightly more efficient (you can run DNA tests yourself using the companion demo applications) than …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe