nProbe

Last week I have participated to an IPFIX interoperability event held in Prague, right before the IETF 80. In the picture below you can see me between Benoit Claise (Cisco, one of the IPFIX/NetFlow fathers) and Jiri Novotni (Invea-Tech). nProbe 6.3.x has been successfully tested against all the available implementations including Vermont, SiLK, nfdump/IPFIX (Cesnet). nProbe has passed all the IPFIX interoperability tests as both probe (over SCTP, UDP, and TCP) and collector (UDP), dissecting both IPv4 and IPv6 traffic, and also converting NetFlow-Lite flows into IPFIX flows. Most of you …

Over the past month quite a lot of effort has been put on the IPFIX side of nProbe. Recently, nProbe has been successfully verified by Juniper as an IPFIX (in addition to v9) collector for flows generated by Juniper MX routers, and Cisco Catalyst 4948E switches. In order to further guarantee users that nProbe respects the IPFIX standards, nProbe will be tested against other IPFIX implementations at the IPFIX Interoperability Event that will take place next week in Prague. In the following months, ntop will also try to push in the …

Just like Apple is the computer brand I use since 1985, for me Cisco is the networking company, the one that created the first routers and switches on which the Internet was built. It has been a great surprise when last summer I have been contacted by a Cisco representative, who has asked me whether I was interested in starting a new project on NetFlow. After the initial surprise, of course I have accepted, and now it’s a few months I work with (not for) Cisco on this nice and challenging …

Are you interested in getting URL information from NetFlow?  The nProbe NetFlow probe or the nBox can do it.  Paul at Plixer International recently wrote a blog on Recommended nProbe Templates.  For a foundation on this topic, check out his blog.  As an extension of his blog, I’ll explain how to get URLS from the nProbe. Scrutinizer from Plixer is the ideal tool for advanced IPFIX reporting and network traffic analysis. Below is a top domain report. For our company, the first page of this report is usually legitimate sites, …

nProbe v6 features both network and application latency measurement. Our partner Ravica has written a nice tutorial on this subject. …

Our friends at Plixer have written a nice article about how to use nProbe to export HTTP and latency information. Note that you can also use the nProbe http plugin to trace HTTP events and rebuild user sessions. This as netflow is not exactly the best protocol to use for exporting this information. The available options are: --http-dump-dir <dump dir> …

Today the new nProbe v6 has been released. It includes several improvements with respect to the previous version including: Full IPFIX support: PEN (Private Enterprise Numbers) and Variable length encoding. Ability to natively dump flows in FastBit format that allows to outperform relational and raw flow-based collectors. Ability to collect sFlow flows and turn them into flows (v5/v9/IPFIX). Collection of Cisco ASA flows and conversion in ‘standard’ flows. New nprobe architecture for better performance and exploitation of multicore architectures. Support of tunneled (including GRE, PPP and GTP) traffic and ability to export in flows inner/outer envelope/packet information. …

nProbe is an efficient processing engine able to produce flows based on captured packets, converts flow format (e.g. from NetFlow v5 to v9), or from sFlow to NetFlow. Its engine is fully extensible by means of plugins, and it can handle many application-level protocols. This short document gives an overview of the nProbe internals and it describes the nProbe plugins structure. …

Conference: OSCON 2010 Presentation Link: Ignite Track Presented by: Brian Lavender SNORT is popular Network Intrusion Detection System (NIDS) tool that currently uses a custom rule based system to identify attacks. This presentation emphasizes on writing the algorithm to write generate the rules through GA and the integration of them into nProbe, a similar network monitoring tool written by Luca Deri with a plug-in architecture. Genetic Algorithms are dependent upon identifying attributes to describe a problem and evolving a desired population. In this case, the problem is an attack through the …

nProbe, acronym for NetFlow probe, is an open-source probe that supports both NetFlow and sFlow collection. It has been designed to keep up with Gigabit speeds on commodity hardware and it can be used for capturing packets and analyzing networks at full speed with no (or very moderate) packet loss using PF_RING. Each captured packet is analyzed, associated to a flow record, and periodically, the expired flows are emitted and exported to the specified collectors. nProbe is fully inter-operable with commercial collectors and open source tools such as ntop. The …