n2disk

n2disk

Filtering Terabytes of pcaps using nBPF and Wireshark

In a previous post we introduced our new nBPF library, which is able to convert a BPF filter to hardware rules for offloading traffic filtering to the network card. We did not mention that the same engine can be used for accelerating traffic extraction from an indexed dump set produced by n2disk. n2disk is a traffic recording application able to produce multiple PCAP files (a per-file limit in duration or size can be used to control the file size) together with an index (for accelerating extraction) and a timeline (for keeping all the files in …
n2disk

n2disk 2.6 Just Released

This is to announce the release of n2disk 2.6. In this release we have made many changes to the indexing system, adding a new flow-based index that should improve packet retrieval as well as pave the way to flow+packet+l7 inspection+index integration that will be completed with the next nProbe cento release that will happen later this month. This will enable you to find packets based on l7 protocol: for example, you can do “host 192.168.1.3 and l7proto WhatsApp”. Stay tuned for the cento release. Finally we would like to ask the community if …
n2disk

How to Build a 2×10 Gbit Packet Recorder using n2disk and PF_RING (2016 Update)

Earlier in 2014 we advised how to build a continuous packet recorder using n2disk and PF_RING. Since that time computing architectures have progressed, we have added support for new ethernet controllers, and so it’s now time to refresh that post for all those willing to build a box themselves. The specs below are for 2 x 10 Gbit; for 1 x 10G you can use half of the components in most cases. CPU: we advise an Intel E5 with at least 3 GHz and 8 cores for all options (indexing and …
n2disk

Building a (Cheap) 2×10 Gbit (Continuous) Packet Recorder using n2disk and PF_RING

Continuous packet recorders are devices that capture network traffic and save it to disk. The term continuous means that this activity is performed “continuously” for as long as the device is active and not just for a few minutes. At ntop we have developed two companion applications to be used on a packet recorder: n2disk is a software application that captures network traffic at line rate (multi 10 Gbit) and dumps it to disk in pcap format. During packet capture, n2disk can also: Create a pcap index to be used for searching specific packets …
n2disk

Visualising n2disk Captured Traffic using CloudShark

Introduction: ntop users are familiar with n2disk and the nBox web interface that eases its use. As you know, the nBox includes a small web-based tool that allows you to preview pcap contents. This tool is good for getting an idea of what a pcap contains but it is not a fully fledged application. On the other hand CloudShark is the leading application for analysing traffic traces, and thus we have decided to leverage it to offer the cheapest and most powerful solution for traffic-to-disk and pcap visualisation on the cloud. …
n2disk

Introducing on-the-fly 10 Gbit pcap compression on n2disk

Compressing pcap files produced by n2disk is a good idea for a few reasons: It allows disk space to be saved, as compressed data takes less space on disk. It enables the creation of cheaper packet recorder appliances, as with the same hardware you can save more data onto disk and thus in some problem domains you can double the capacity of your existing box. As n2disk leaves some space in CPU cycles (in particular when used on top of Napatech adapters) we have room to compress and index packets on-the-fly …
Announce

Accurate 10 Gbit Traffic Replay Using disk2n

n2disk is a software application that dumps traffic to disk at line rate (10 Gbit full duplex) with highly accurate timestamps. This works both with network cards featuring hardware timestamps and with software timestamps. Most companies focus just on capture to disk, whereas we believe that it is also compulsory to provide solutions for traffic replay by exploiting these highly accurate timestamps that have been saved in pcap files. This activity is quite challenging. Replaying traffic with high-precision timestamps is necessary for instance whenever we want to reproduce exactly the …
Announce

Napatech and ntop will demonstrate 10 Gbps capture-to-disk at RSA and MWC

Napatech, the world’s leading supplier of network analysis adapters, and ntop, the renowned traffic monitoring software expert, today announced a collaboration focused on accelerating time to market for high-performance network management and security appliances. The first initiative is a 10 Gbps capture-to-disk solution that will be demonstrated at Mobile World Congress and RSA, February 24-28. Capture-to-disk is fast becoming a critical capability for appliances used in network management and security as well as real-time big data analytics, but it requires expertise to implement, especially for high-speed applications. Commercial-off-the-shelf (COTS) servers offer …
n2disk

Learning The ntop World of Apps

The main criticism of ntop is the lack of documentation. This is because we have to maintain many projects, have little time, and also because we prefer coding to documentation. We decided to fill this gap and give a positive answer to your requests: We have created the nBox GUI to enable you to use all our applications without the pain of compiling and configuring them. This is a free product that everyone can use to build their own measurement gear or just to start ntop using a web browser. …
n2disk

How to build yourself a nBox Probe and Packet Recorder

If you need a network probe or a packet recorder you have two options: grab a turn-key nBox or build it yourself using our software. In the first case you will receive an optimised system, with the right motherboard/CPU/NIC for your monitoring tasks and all software preinstalled/configured. However if you want to build your nBox yourself (e.g. you can reuse an old/spare server or get a new one if you plan to address 10 Gbit monitoring) you can now do it. Below we will describe how to build it step by …
n2disk

Filtering n2disk-captured Packets and Replaying them at 10 Gbit using the nBox

The nBox is not just a no-cost web GUI for ntop products, but it’s a totally new experience for dealing with pcap files. n2disk is able to index packets while capturing and then filter captured packets. Once you have filtered your favourite packets (based on a BPF filter and a time span) you can then download them to your PC or reproduce them at line rate (or at any speed you like). Even BPF filters are simplified with the nBox thanks to the ability to drag and drop filtering expressions …
n2disk

Using n2disk for 10 Gbit line-rate packet-to-disk

Packet-to-disk is the ability to dump network packets to disk. This activity is important for implementing a sort of “network time machine” so that when something unexpected happens, you have the ability to access the raw packets and thus inspect the cause of the problems. Implementing efficient packet-to-disk requires high-speed packet capture, speedy disks, and efficient packet dump software. We started working in this field a few years ago when creating a packet-to-disk application for 1 Gbit networks, named n2disk. Today we are introducing the second generation of n2disk …