nProbe

nProbe

nProbe 11.0: Smarter Flow Analysis, Deeper Protocol Visibility, Enhanced GTP Traffic Correlation
We’re excited to announce the release of nProbe 11.0. This release incorporates several improvements and brings major improvements in flow analysis, tunnel handling, and TCP statistics, along with new features that make nProbe even more flexible and robust for complex network monitoring environments. Key Highlights Advanced TCP Flags Analysis nProbe 11.0 introduces enhanced TCP flag analysis, enabling more precise insights into TCP session behavior and improving visibility into flow state transitions. Enhanced GTP-C/GTP-U Traffic Correlation With this new release we have enhanced our GTP traffic processing and correlation (GTP-C with GTP-U) architecture. …
nProbe

HowTo Dump Collected Flows and nTap Packets with nProbe
When nProbe collects data (both sFlow/NetFlow/IPFIX and nTap), it immediately discards collected data after processing. However sometimes it is useful to dump such data. A typical use-case include: Probe can dump collected data to a virtual network interface on top of which applications such as n2disk or tcpdump can be enabled. This can be enabled with --dump-collected-pkts <interface> for dumping collected data onto the specified network interface. In case of nTap raw collectd packets are dumped “as is” to the interface, whereas collected flows are dumped with a dummy ethernet/IP/UDP header. You …
cento

HowTo Measure the Status and Performance of Network Flows
NetFlow has been originally designed to monitor network traffic using simple bytes/packets metrics. For TCP, it is also possible to know what TCP flags (that indicate the connection state) have been used on a flow, as NetFlow/IPFIX exports them as a cumulative OR of all TCP flags of the flow. This allows you to know if a SYN flag has been observed on a flow but not the number of SYN flags that have been reported for a flow. No other information elements have been implemented to report detailed TCP flow …
nProbe

Best Practices for nProbe and ntopng Deployment
We often receive inquiries about the best practices for deploying nProbe and ntopng. This post will try to shed some light on this subject. The first thing to know is how many flows/second in total the nProbe instances will deliver to ntopng.  nProbe Flow CollectionEach nProbe instance can collect a high number of flows (in the 50/100k flows/sec range depending on hardware and flow types), but we typically suggest loading balance flows across multiple instances. Ideally, each nProbe instance should handle no more than 25k flow/sec. As ntop licenses are …
Announce

Introducing nProbe 10.8: QoE, AWS/GCP VPC Support, Better GTP Traffic Correlation
We’re excited to announce the new nProbe 10.8 release! This release introduces features that improve visibility, performance, and protocol intelligence, while also addressing many community-requested improvements and fixes. Quality of Experience (QoE) Monitoring Understanding network performance from the user’s perspective is more important than ever. With QoE computation, nProbe now allows you to assess the quality of application flows, enabling proactive troubleshooting and smarter optimization. Improved GTP-C/GTP-U Correlation This release improves GTP traffic correlation for stitching mobile subscribers to their traffic (e.g. you can know the IMSI of the user …
Announce

Released Cento 2.2: Enhanced Flow Offload, QoE Metrics, and GTP Correlation
We’re excited to announce a new release of Cento 2.2, our high-performance flow-based traffic processing engine. This release brings major enhancements in traffic analysis capabilities, particularly for mobile network monitoring, quality assessment, and flow offloading on Napatech adapters. Whether you’re deploying Cento in ISP-grade infrastructures or using it for deep traffic inspection, this release is packed with powerful new features and improvements designed to push performance and visibility to the next level. Full Flow Table Offload on Napatech Adapters Cento 2.2 now offers fully-fledged Flow Table offload support with the …
nProbe

AI-Driven Networks: A ML Solution for 5G Networks based on nProbe
In this contributed post the Universidade de Aveiro, Instituto de Telecomunicações, Portugal, explains how nProbe has be successfully used in 5G networks.   Introduction As networks evolve to meet the demands of modern connectivity, the need for intelligent traffic monitoring and anomaly detection becomes increasingly critical. In the context of 5G networks, where high-speed data transfer and low latency are paramount, Machine Learning (ML)-based solutions provide a robust mechanism for detecting anomalies and ensuring network reliability. Our project leverages nProbe, a high-performance NetFlow/IPFIX probe, to extract a comprehensive set of …
nProbe

How To Implement Packet and Flow Deduplication
Depending on the network topology and configuration, your monitoring tools can receive the same traffic multiple times. This problem is called data duplication. Duplication can happen at packet or flow level: Packet duplication The same packet is received multiple (usually twice) times, either one after the other, or within a short mount of time. Note that this has nothing to do with TCP data retransmission that is a totally different scenario. Flow duplication Two or more flow-devices observe the same traffic, and emit the same flow at the same time. …
nProbe

HowTo Configure Flow Collection in nProbe and ntopng
In flow (sFlow/NetFlow/IPFIX) collection, nProbe acts as a “flow processor” for ntopng . nProbe is responsible for sending ntopng flows after they have been processed that includes Probe mode. nProbe captures network packets that are converted into flows that are then exported to ntopng. Collection mode. nProbe collects flows produced by a probe such as a router. Flow normalization that is the process of converting flows on a format that ntopng can understand. This happens if flow exporter devices (e.g. a router) use custom information elements. In addition nProbe takes care …
nProbe

Released nProbe 10.6: Reworked GTP support, Improved Kafka/ZMQ Export, Several Fixes
This is to announce the release of nProbe 10.6 that includes many changes in a couple of selected areas: Mobile traffic analysis (GTPv1 and GTPv2) and GTP-C/GTP-U correlation has been rewritten to support complexity of modern mobile networks.  nProbe is now more friendly when talking ZMQ/Kafka (hence with ntopng) as it can report various statistics and export of specific information elements has been optimised to improve performance. In addition nProbe supports the latest nDPI version that has been optimised in memory and that features almost 500 application protocols, that is …
nProbe

HowTo Use Cloud Licenses
As discussed in our spring webinar, it is now possible to use (in beta) cloud licenses with ntopng and nProbe. Contrary to standard licenses that are bound to a physical system (based on the systemId), cloud licenses are “floating” as the same license file can be used on multiple hosts, of course not simultaneously (i.e. only one system at time can use the license). This is good news for those who use containers or VMs as they do no have to pay attention to the systemId anymore. If you want …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe