HowTo Analyse NetFlow/IPFIX/sFlow pcap Traces

Posted · Add Comment

Dumping sFlow/NetFlow/IPFIX flows in pcap format can be very useful for troubleshooting or for creating a compact traffic dump. For instance you can dump flow traffic with n2disk (wireshark, or tcpdump) and store them in pcap format, and eventually share them with a shared disk or sent via email. Flows are usually analysed live with […]

nProbe 10.4 is now Available: Cloud Support and Agent Mode

Posted · Add Comment

This is to announce the release of nProbe 10.4. In this version we have made several improvements (including support for new platforms and distributions) as well merged the agent code into the main code base (via -T) on both Linux and Windows. This feature allows you to export (for traffic originated or terminated on the […]

nProbe Cento 1.20 Just Released

Posted · Add Comment

This is to announce the release of nProbe Cento 1.20, that is basically a maintenance release that fixes some issues, improved metadata export using nDPI, and adds new platform and distributions support. Below you can find the whole changelog. Enjoy ! Improvements Add ARM support Add support for dumping bad packets (–dump-bad-packets) Add support for […]

Scaling Up ntopng Flow and Packet Processing

Posted · Add Comment

As traffic rate increases, it is important to tune packet processing in order to avoid drops and thus educe visibility. This post will show you a few tricks for improving the overall performance and better exploit modern multicore systems. The Problem ntopng packet processing performance depends on the number of ingress pps (packets per second) […]

Now available ntopng/nprobe ARM64 Docker Images

Posted · Add Comment

Supporting 64 bit ARM platforms is important because there is now a plethora of inexpensive boards based on this architecture. Thanks to the use of docker containers, several manufacturers allow their devices to take advantage of this technology to run third-party software on devices that used to be not extensible. Here you can read how […]

How To Analyse Asymmetric VLAN Traffic

Posted · Add Comment

A VLAN is a method for partitioning a layer two broadcast domain creating virtual networks of homogeneous systems hence promoting network segmentation. A ethernet port with no VLAN tag is called access port, whereas a switch port with VLAN-tagged packets is called tagged or trunk port. End systems are usually connected to access ports meaning […]