This is to announce the release of nProbe 9.6 whose main features include: Support of IPS (Intrusion Prevention System) mode. Added support of high-capacity ClickHouse database enabling nProbe to dump ~125k Fps to database. Implemented the concept of Observation Point … Continue reading
Introducing nProbe Cento 1.14
This is to announce a new release of the ntop’s 100 Gbit probe, nProbe Cento 1.14. In this version we have integrated the latest features from nDPI, the ntop’s Deep-Packet-Inspection engine, that is now 2.5x faster than the previous version. … Continue reading
Collecting Flows from Hundred of Routers Using Observation Points
Collecting flows on large networks with hundred of routers can be challenging. Beside the number of flows to be collected, another key point is to be able to visualize the informations in a simple yet effective way. ntopng allows you … Continue reading
NetFlow/IPFIX At Scale: Comparing nProbe/ClickHouse vs nProbe/ntopng
In our previous post we have analysed the performance of the pipeline nProbe+ntopng for those who need to collect flows and analyse them, trigger alerts, create timeseries, provide a realtime monitoring console, dump them to nIndex and inform remote recipients … Continue reading
NetFlow Collection Performance Using ntopng and nProbe
Introduction ntopng, in combination with nProbe, can be used to collect NetFlow. Their use for NetFlow collection is described in detail here. In this post we measure the performance of nProbe and ntopng when used together to collect, analyze, and … Continue reading
How to Collect and Analyse AWS VPC Flow Logs
Amazon Virtual Private Cloud (VPC) flow logs and in essence text-based Netflow-like logs consisting of fields that describe the traffic flow. They are often collected on disk and published to S3 buckets or CloudWatch for an AWS-centric monitoring infrastructure (extra … Continue reading
Handling Traffic Directions with sFlow/NetFlow/IPFIX
Network interfaces natively support RX and TX directions, so tools such as ntopng can detect the traffic directions and depict this information accordingly. In the above picture that ntopng shows in the top menubar, TX traffic is depicted in blue … Continue reading
nProbe IPS: How To setup an Inline Layer-7 Traffic Policer in 5 Minutes
Introduction Recently, we have added Intrusion Prevention System (IPS) capabilities to our nProbe. Those capabilities are available starting from the latest 9.5 version, both for Linux and FreeBSD – including OPNsense and pfSense, and are available with all nProbe versions … Continue reading
Introducing nProbe IPS: 10 Gbit nDPI-based Traffic Policer and Shaper
This is to introduce a new nProbe feature that brings IPS (Intrusion Prevention System) support via nDPI for Linux and FreeBSD (including OPNsense and pfSense). As shown in the picture below, nProbe acts as a transparent bridge (with kernel offload) … Continue reading
Best Practices for High Speed Flow Collection
Most people use nProbe and ntopng to collect flows using an architecture similar to the one below where nprobe and ntopng are started as follows: nprobe -3 <collector port> -i none -n none —zmq “tcp://*:1234” –zmq-encryption-key <pub key> ntopng -i … Continue reading