As traffic rate increases, it is important to tune packet processing in order to avoid drops and thus educe visibility. This post will show you a few tricks for improving the overall performance and better exploit modern multicore systems. The … Continue reading
Enabling Zeek and Suricata On-Demand at 40/100 Gbit using PF_RING
Overview Those of you who have some experience with IDS or IPS systems, like Zeek and Suricata, are probably aware of how CPU intensive and memory consuming those applications are due to the nature of the activities they carry on … Continue reading
Now available ntopng/nprobe ARM64 Docker Images
Supporting 64 bit ARM platforms is important because there is now a plethora of inexpensive boards based on this architecture. Thanks to the use of docker containers, several manufacturers allow their devices to take advantage of this technology to run … Continue reading
How To Analyse Asymmetric VLAN Traffic
A VLAN is a method for partitioning a layer two broadcast domain creating virtual networks of homogeneous systems hence promoting network segmentation. A ethernet port with no VLAN tag is called access port, whereas a switch port with VLAN-tagged packets … Continue reading
How Flow-Based Traffic Classification Works
Many ntop products such as ntopng, nProbe, and PF_RING FT just to name a few are based on network flows. However not all our users know in detail what is a network flow, and how it works in practice. This … Continue reading
nProbe 10.2 is Available: Redesigned Kafka Export, nTap and Google Cloud Support
Today we announce the availability of nProbe 10.2 that features native nTap support for generating flows from remote devices, and redesigned Kafka support for both flow export and communication with ntopng. With this respect, the new –ntopng <URL> command line … Continue reading
Scaling Up: How To Collect, Analyse, and Store Flows at Scale (100 Gbit+)
Most ntop tools such as nProbe cento and n2disk have been designed to run at high speed (today we consider 100 Gbit a high-speed link). ntopng instead has to perform many activities including behavioral traffic analysis that makes it unable … Continue reading
HowTo Monitor Zoom Performance and Video/Call Quality
Zoom is a popular platform for video communications and team collaboration. As many other cloud services, network administrators need to supervise Zoom network traffic usage. DPI toolkits such as nDPI are useful for identifying Zoom traffic for supervising the network … Continue reading
HowTo Deploy nProbe and ntopng on the Cloud
Some of our customers deploy ntopng on the cloud in order to collect flows coming from private nProbe instances often deployed on private networks or clouds. Thanks to ZMQ/Kafka communications, data sent by nProbe to ntopng travel encrypted; this is … Continue reading
Howto use Kafka (instead of ZMQ) For Reliable Flow Collection and IPC
Historically, we have used ZMQ for interconnecting nProbe to ntopng, as this is a fast and simple messaging system. However one of they key advantage of ZMQ of being broker-less is sometime a problem. In case of maintenance, traffic peaks, … Continue reading