Announce

Introducing nBox 2.0 (aka how to use/configure ntop apps using a web GUI)

Years ago we decided to create the nBox appliance as a turn-key solution for those who were not fans of the command line. Then we decided to rewrite the nBox GUI to make it simpler, more modern, and usable by all ntop users to configure ntop, nProbe, n2disk, PF_RING and DNA. In essence we have created a new web interface that can simplify your configurations, assist with complex things such as core affinity or DNA configuration, and let you focus on ntop applications rather than on their configuration. You can download …
PF_RING

PF_RING 5.5.2 Released

Changelog

- Fix for corrupted VLAN tagged packets
- Userspace bpf support (when using dna)
- PF_RING-aware igb default moved to 4.0.17
- Flow Control rx/tx automatically disabled by the driver
- Added DAQ drivers into RPM (http://packages.ntop.org)
- New pfring_open() flag PF_RING_DNA_FIXED_RSS_Q_0 to send all traffic to queue 0 and select other queues with hw filters (DNA cards with hw filtering only)
- Added check for modern libc versions
- New pfdnacluster_mt_rss_frwd sample app (packet forwarding using libzero dna cluster for rx/balancing and standard dna with zero-copy on rss queues for tx)
- Added ability to create a …
nProbe

Monitoring Mobile Networks (2G, 3G, and LTE) using nProbe

Monitoring mobile network traffic has traditionally been perceived by the telecommunications industry as something complex, costly, and proprietary. This is unfortunately one of the few fields where the open-source movement has not been able to spread much, and where vendor lock-in is still the standard. Last year we visited the Mobile World Congress in Barcelona to understand more about this world (btw, it’s a crazy expo as the cheapest entry ticket costs 900$ and up), and the conclusion is that mobile terminals are pretty open thanks to Android, but the network is …
PF_RING

Not All Servers Are Alike (With DNA) – Part 2

Some time ago, in the first part of this post, we discussed why not all servers sport the same performance with DNA. The conclusion was that besides the CPU, you need great memory bandwidth in order to move packets from/to the NIC. So in essence CPU+memory bandwidth are necessary for granting line-rate performance. In this post we want to add some lessons learnt while playing with DNA on modern servers.

Lesson 1: Not all PCIe slots are alike

With the advent of PCIe gen3, computer manufacturers started to mix …
PF_RING

PF_RING 5.5.1 Released

ChangeLog

- Updated PF_RING-aware ixgbe driver (3.11.33).
- Update PF_RING-aware igb (4.0.17).
- Fixed bug that was causing ixgbe driver not to disable interrupts. This was causing a high load on the core handling the interrupts for ixgbe-based card.
- libzero: various hugepages improvements and bug fixes.
- Added ability to specify PF_RING_RX_PACKET_BOUNCE in pfring_open().
- Fixed minor PF_RING memory leak.
- Various improvements to support of hardware timestamp on Silicom Intel-based 10 Gbit adapters.
- DNA Bouncer: added direction to pfring_dna_bouncer_decision_func callback (useful in bidirectional mode).
- DNA Cluster: added dna_cluster_set_hugepages_mountpoint() to manually select the hugepages mount point when several …
nbox

BYO10GPR: Build Your Own 10 Gbit Packet Recorder

Packet recorder appliances are one of the last network components that have insane prices. Years ago this was justified by the fact that in order to capture traffic at high speed it was mandatory to use costly custom packet capture cards and often custom-designed hardware. With the advent of multi-10 Gbit packet capture technologies on commodity hardware such as PF_RING DNA, and the availability of high-performance computers such as those based on the Intel Sandy Bridge chipset, the game has changed. Modern 10K RPM 6Gb/s SATA disks enable with 8 …
PF_RING

PF_RING 5.5.0 Released

New libzero features

- DNA Cluster: number of per-consumer rx/tx queue slots and number of additional buffers can be configured via dna_cluster_low_level_settings()
- hugepages support (pfdnacluster_master/pfdnacluster_multithread -u option)

New PF_RING-aware libpcap features

- added PF_RING_ACTIVE_POLL environmental variable to enable active polling when defined to 1
- enable rehash rss setting env var PF_RING_RSS_REHASH=1
- cluster type selectable via env vars: PCAP_PF_RING_USE_CLUSTER_PER_FLOW, PCAP_PF_RING_USE_CLUSTER_PER_FLOW_2_TUPLE, PCAP_PF_RING_USE_CLUSTER_PER_FLOW_4_TUPLE, PCAP_PF_RING_USE_CLUSTER_PER_FLOW_TCP_5_TUPLE, PCAP_PF_RING_USE_CLUSTER_PER_FLOW_5_TUPLE

New PF_RING-aware drivers

- Updated Intel drivers to make them compatible with newer kernels

New PF_RING library features

- new pfring_open() flag PF_RING_HW_TIMESTAMP for enabling hw timestamp

New PF_RING kernel module features …
n2disk

Using n2disk for 10 Gbit line-rate packet-to-disk

Packet-to-disk is the ability to dump network packets to disk. This activity is important for implementing a sort of “network time machine” so that when something unexpected happens, you have the ability to access the raw packets and thus inspect the cause of the problems. Implementing efficient packet-to-disk requires high-speed packet capture, speedy disks, and efficient packet dump software. We started to work in this field a few years ago when creating a packet-to-disk application for 1 Gbit networks, named n2disk. Today we are introducing the second generation of n2disk …
nProbe

Monitoring on the MicroCloud

When I started to develop ntop in 1998, it was clear to me that the network was a huge, volatile (or semi-persistent if you wish), constantly changing database. In ntop this database is implemented in memory, where for each received packet, ntop updates the hosts, protocols, sessions, packet size… tables. The web interface is yet another way to view the database contents. In order not to exhaust all the available resources (memory in primis), the ntop memory database periodically purges data that is no longer accessed …
PF_RING

Accelerating Snort with PF_RING DNA

For some time, PF_RING has included a DAQ (Data AcQuisition library) module for the popular Snort IDS/IPS. With respect to Linux AF_PACKET, the use of PF_RING significantly accelerates all snort operations. We have recently created a new DAQ module that adds native PF_RING DNA support, further accelerating the vanilla PF_RING DAQ module by 20 to 50%. The support of DNA, in addition to greater speed, also has the advantage of exploiting symmetric RSS, so that you can run one snort instance per RX queue and be sure that such instance will …
nProbe

10 Gbit (Line Rate) NetFlow Traffic Analysis using nProbe and DNA

In the past couple of years, 10 Gbit networks have been gradually replacing multi-1 Gbit links. Traffic analysis is also increasingly demanding, as “legacy” NetFlow v5 flows are not enough for network administrators who want to know much more about their network than simple packets/bytes accounting. In order to satisfy these needs, we have added in the latest nProbe 6.9.x releases many new features including:

- Flow application detection (via nDPI)
- Network/application latency
- Support of encapsulations such as GTP/Mobile IP/GRE
- Various metrics for computing network user-experience
- Extension to plugins to provide even …
ntop

ntop 5.0 Released

After a year, it’s time to release a new stable version of ntop. This version deserves a major number, 5.0, as many things have changed. Besides bug fixes and general improvements, in this release we redesigned the ntop engine, which up to version 4.x was a bit cumbersome. We now have a layer 2 (MAC Address) and layer 3 (IP address) so that the old -o flag is no longer used. Sessions are now enabled by default, as they are used widely in ntop. We update netflow collection supporting new …