nProbe

Sometimes flow (sFlow/NetFlow/IPFIX) collection can become a complicated activity when you need to: Collect, on your private network, flows originated by devices with a public IP. Migrate your infrastructure to nProbe/ntopng while sending flows to both nProbe and your legacy collector. Implementing all this is often an expensive exercise with non-ntop solutions, therefore in order to ease migration to ntop tools, we made available in the nProbe package a couple of tools that can implement typical activities such as flow relay, replication and fanout easily. Below you can learn how …

nProbe 1.0 was introduced in 2002. After 20 years we are glad to introduce nProbe 10 that introduces several new features and improvements: Agent mode for process monitoring on Linux (eBPF) and Windows Implemented timeseries support for nProbe self-monitoring and sFlow-based counter timeseries Conversion of Amazon AWS VPC files into flows Export of flows towards Google Pub/Sub Improved collection of proprietary flows, including Nokia and Calix Support for collecting flows from syslog Agent Mode When nProbe in deployed on a host, it is possible to use the new –agent-mode command …

One of the latest additions in nProbe, is the ability to create network traffic timeseries that will be stored in the popular InfluxDB database. This features allows nProbe users to create timeseries that can be depicted and integrated in Grafana dashboard for instance. Timeseries are dumped by means of two new nProbe command line options: --influxdb-dump-dir <dir> This allows timeseries to be stored in Line protocol format into the specified directory. A new file is created every minute. --influxdb-exec-cmd <cmd> This option allows to process an timeseries file as soon …

One of the main limitations of flow-based protocols such as IPFIX and NetFlow is that the traffic is sent in cleartext. This means that it can be observed in transit and that it is pretty simple to send fake flow packets that can then pollute the collected information. As of today, unencrypted protocols need to be avoided and thus some workarounds to this problem need to be identified. Often people use VPNs to export flows, but this is not a simple setup with cloud services or on complex networks, so …

Sometimes traffic monitoring requires data deduplication as due to topology or hardware constraints there are some network traffic activities that are monitored by multiple devices, and others that are monitored only by a single device. This means that unless some corrections are configured, traffic measurements are wrong and thus useless. Fortunately, we have implemented some features that allows you to avoid this problem by discarding duplicated traffic before this hits the collector. This is because the collector is overwhelmed by the various activities it has to carry on, so it …

This is to announce the release of nProbe 9.6 whose main features include: Support of IPS (Intrusion Prevention System) mode. Added support of high-capacity ClickHouse database enabling nProbe to dump ~125k Fps to database. Implemented the concept of Observation Point to enable distributed collection labelling. Added support for collecting and generating flows using Amazon Virtual Private Cloud (VPC) flow logs. Out of the box native FreeBSD/OPNsense/pfSense support. Support of traffic directions in collected traffic. Transparent VM systemId support to implement persistent systemId during VM migrations. Added companion tool nprobe-config for …