nProbe

nProbe

Best Practices for nProbe and ntopng Deployment
We often receive inquiries about the best practices for deploying nProbe and ntopng. This post will try to shed some light on this subject. The first thing to know is how many flows/second in total the nProbe instances will deliver to ntopng.  nProbe Flow CollectionEach nProbe instance can collect a high number of flows (in the 50/100k flows/sec range depending on hardware and flow types), but we typically suggest loading balance flows across multiple instances. Ideally, each nProbe instance should handle no more than 25k flow/sec. As ntop licenses are …
Announce

Introducing nProbe 10.8: QoE, AWS/GCP VPC Support, Better GTP Traffic Correlation
We’re excited to announce the new nProbe 10.8 release! This release introduces features that improve visibility, performance, and protocol intelligence, while also addressing many community-requested improvements and fixes. Quality of Experience (QoE) Monitoring Understanding network performance from the user’s perspective is more important than ever. With QoE computation, nProbe now allows you to assess the quality of application flows, enabling proactive troubleshooting and smarter optimization. Improved GTP-C/GTP-U Correlation This release improves GTP traffic correlation for stitching mobile subscribers to their traffic (e.g. you can know the IMSI of the user …
Announce

Released Cento 2.2: Enhanced Flow Offload, QoE Metrics, and GTP Correlation
We’re excited to announce a new release of Cento 2.2, our high-performance flow-based traffic processing engine. This release brings major enhancements in traffic analysis capabilities, particularly for mobile network monitoring, quality assessment, and flow offloading on Napatech adapters. Whether you’re deploying Cento in ISP-grade infrastructures or using it for deep traffic inspection, this release is packed with powerful new features and improvements designed to push performance and visibility to the next level. Full Flow Table Offload on Napatech Adapters Cento 2.2 now offers fully-fledged Flow Table offload support with the …
nProbe

AI-Driven Networks: A ML Solution for 5G Networks based on nProbe
In this contributed post the Universidade de Aveiro, Instituto de Telecomunicações, Portugal, explains how nProbe has be successfully used in 5G networks.   Introduction As networks evolve to meet the demands of modern connectivity, the need for intelligent traffic monitoring and anomaly detection becomes increasingly critical. In the context of 5G networks, where high-speed data transfer and low latency are paramount, Machine Learning (ML)-based solutions provide a robust mechanism for detecting anomalies and ensuring network reliability. Our project leverages nProbe, a high-performance NetFlow/IPFIX probe, to extract a comprehensive set of …
nProbe

How To Implement Packet and Flow Deduplication
Depending on the network topology and configuration, your monitoring tools can receive the same traffic multiple times. This problem is called data duplication. Duplication can happen at packet or flow level: Packet duplication The same packet is received multiple (usually twice) times, either one after the other, or within a short mount of time. Note that this has nothing to do with TCP data retransmission that is a totally different scenario. Flow duplication Two or more flow-devices observe the same traffic, and emit the same flow at the same time. …
nProbe

HowTo Configure Flow Collection in nProbe and ntopng
In flow (sFlow/NetFlow/IPFIX) collection, nProbe acts as a “flow processor” for ntopng . nProbe is responsible for sending ntopng flows after they have been processed that includes Probe mode. nProbe captures network packets that are converted into flows that are then exported to ntopng. Collection mode. nProbe collects flows produced by a probe such as a router. Flow normalization that is the process of converting flows on a format that ntopng can understand. This happens if flow exporter devices (e.g. a router) use custom information elements. In addition nProbe takes care …
nProbe

Released nProbe 10.6: Reworked GTP support, Improved Kafka/ZMQ Export, Several Fixes
This is to announce the release of nProbe 10.6 that includes many changes in a couple of selected areas: Mobile traffic analysis (GTPv1 and GTPv2) and GTP-C/GTP-U correlation has been rewritten to support complexity of modern mobile networks.  nProbe is now more friendly when talking ZMQ/Kafka (hence with ntopng) as it can report various statistics and export of specific information elements has been optimised to improve performance. In addition nProbe supports the latest nDPI version that has been optimised in memory and that features almost 500 application protocols, that is …
nProbe

HowTo Use Cloud Licenses
As discussed in our spring webinar, it is now possible to use (in beta) cloud licenses with ntopng and nProbe. Contrary to standard licenses that are bound to a physical system (based on the systemId), cloud licenses are “floating” as the same license file can be used on multiple hosts, of course not simultaneously (i.e. only one system at time can use the license). This is good news for those who use containers or VMs as they do no have to pay attention to the systemId anymore. If you want …
nProbe

HowTo Analyse NetFlow/IPFIX/sFlow pcap Traces
Dumping sFlow/NetFlow/IPFIX flows in pcap format can be very useful for troubleshooting or for creating a compact traffic dump. For instance you can dump flow traffic with n2disk (wireshark, or tcpdump) and store them in pcap format, and eventually share them with a shared disk or sent via email. Flows are usually analysed live with nProbe/ntopng but how can you analyse them when saved in pcap format and not captured from the wire? The nProbe package includes a companion tool that allows flows to be extracted from a pcap file …
nProbe

How Sampling and Throughput Calculation Works: NetFlow/IPFIX vs sFlow vs Packets
ntop tools are able to collect various type of flows NetFlow/IPFIX (including dialects such as J-Flow, NetStream) and sFlow/NetFlowLite, this in addition to packet capture/processing. We have decided to seamlessly handle all these formats so that the user does not have to know the inner details of them. so what you do is the usual pipeline where nProbe collects flow from devices (i.e. router or switch) or turns packets into flows. In both cases nProbe will deliver this information to ntopng by enriching the exported flows with additional data (e.g. …
nProbe

nProbe 10.4 is now Available: Cloud Support and Agent Mode
This is to announce the release of nProbe 10.4. In this version we have made several improvements (including support for new platforms and distributions) as well merged the agent code into the main code base (via -T) on both Linux and Windows. This feature allows you to export (for traffic originated or terminated on the host where nProbe runs) additional contextual information such as the user or process name that produced specific traffic flows. The agent mode is used in ntopng to implement the cloud mode support, that enables nProbe …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe