PF_RING

10 Gbit Hardware Packet Filtering Using Commodity Network Adapters

The promise of filtering packets in hardware is not new. Unfortunately, filtering network adapters are pretty expensive, even more so if they run at 10 Gbit. Furthermore, many commercial FPGA-based NICs feature hardware packet filtering, but often require card reconfiguration whenever flow rules are added or removed, and support only a limited set of configurable rules. The release of Intel X520, the first NIC based on the 82599-controller, has triggered my interest as this controller is much more powerful than what Linux can do with it. Thanks to support from …
PF_RING

PF_RING/TNAPI-based 10 Gbit Network Monitoring on Multicore Systems

Over the past couple of years, PF_RING has been enhanced to exploit innovations in computer hardware. In particular, the availability of multicore systems and efficient controllers such as those introduced by Intel with the i7 family (in particular Nehalem and Sandy Bridge) has allowed applications to spread their load across all available processors (24 cores in dual-CPU Westmere systems). In addition to this, modern 82599-based 10 Gbit network adapters, which feature hardware-based packet filtering and prioritization across RX queues, have opened up a whole world of opportunities. For this reason in …
ntop

Twelve years of ntop

The Internet is pretty volatile. As new information becomes available, the old disappears. Sometimes we have to look back and see what’s happened in the past years. Should you be interested in seeing how ntop changed in the past twelve years, you can have a look at this URL, which has several snapshots of the ntop web site. …
ntop

ntop on Ubuntu

The Ubuntu community has published a post that explains how to compile/use ntop on Ubuntu. This is the URL of the post. …
nProbe

Using Genetic Algorithms for Network Intrusion Detection and Integration into nProbe

Conference: OSCON 2010
Presentation Link: Ignite Track
Presented by: Brian Lavender

SNORT is a popular Network Intrusion Detection System (NIDS) tool that currently uses a custom rule-based system to identify attacks. This presentation emphasizes writing the algorithm to generate the rules through GA and the integration of them into nProbe, a similar network monitoring tool written by Luca Deri with a plug-in architecture. Genetic Algorithms are dependent upon identifying attributes to describe a problem and evolving a desired population. In this case, the problem is an attack through the …
Announce

Released ntop 4.0

After a few years of work, this is to announce the availability of ntop 4.0. Major changes include: partially rewritten ntop processing engine to address reliability and performance; several bugs and stability issues fixed; added better support for IPFIX and NetFlow v9, as well as ntop PEN (Private Enterprise Number); added support for Cisco ASA firewalls; added ntop engine scriptability via the Python programming language; added RRDalarm plugin for generating alerts based on thresholds; improved Google Maps integration; enhanced sFlow support. ntop is available for both Unix and Windows platforms. …
ntop

Creating 3D Maps using ntop

For some time now, ntop has supported geolocation. Now, courtesy of Ronald W. Henderson, it can also display Mercator maps and natively integrate with tools such as Google Earth. These ntop extensions are part of the NST (Network Security Toolkit) toolkit. For more information please visit the NST Wiki page. …
PF_RING

Modern Packet Capture and Analysis: Multi-Core, Multi-Gigabit, and Beyond

Sometimes people ask me for a tutorial about PF_RING. Last year I gave a tutorial about it at the IM 2009 conference. I think that everyone interested in using PF_RING for going beyond packet capture acceleration should read this set of slides I used for the tutorial. Today the cost of packet capture is limited with respect to packet analysis. For this reason you should use PF_RING as a framework for creating simple yet powerful traffic monitoring applications. …
ntop

Interview with Luca Deri

In this video Luca presents the ntop project and gives an outlook of future activities. It was presented during the OSS conference that took place last May in Bolzano. Finally this short interview gives an idea of how ntop can benefit when integrated with commercial applications and vendors such as Würth-Phoenix. …
nProbe

nProbe with FastBit database: an innovative flows storage solution

nProbe, an acronym for NetFlow probe, is an open-source probe that supports both NetFlow and sFlow collection. It has been designed to keep up with Gigabit speeds on commodity hardware, and it can be used for capturing packets and analyzing networks at full speed with no (or very moderate) packet loss using PF_RING. Each captured packet is analyzed and associated with a flow record, and periodically the expired flows are emitted and exported to the specified collectors. nProbe is fully inter-operable with commercial collectors and open source tools such as ntop. The …
PF_RING

Installation Guide For PF_RING

Below you can find an installation guide for PF_RING written by Gunjan Bansal. The original blog entry can be found at this URL. ————- Hi, This is my first guide so please bear with me for any discrepancies. These steps were tested on an Intel Core 2 Duo machine with 4 GB RAM and an Intel(R) PRO/1000 Network Card, with Ubuntu 9.10 installed. This guide explains the installation procedure for Version 4.3.1. PF_RING implementation by Luca Deri is a great method for efficient Packet Capture on Commodity Hardware. It can be found on …
Announce

ntop and Plixer Partnered for Advanced Flow-based Monitoring

May 17th 2010 Press Release Plixer International, Inc., a leading global provider of network traffic monitoring and analysis tools, today announced that it has partnered with NTOP of Italy to launch Scrutinizer 7.7 with nProbe™ support for advanced flow-based monitoring to analyze client, server and application latency. If the flow involves HTTP, the URL information can also be exported. With its unique software-based nProbe™ support, Scrutinizer 7.7 is the first-of-its-kind NetFlow analyzer to enable affordable remote probe deployment on individual PCs or servers to track and pinpoint traffic and application …