nProbe

One of the latest additions in nProbe, is the ability to create network traffic timeseries that will be stored in the popular InfluxDB database. This features allows nProbe users to create timeseries that can be depicted and integrated in Grafana dashboard for instance. Timeseries are dumped by means of two new nProbe command line options: --influxdb-dump-dir <dir> This allows timeseries to be stored in Line protocol format into the specified directory. A new file is created every minute. --influxdb-exec-cmd <cmd> This option allows to process an timeseries file as soon …

One of the main limitations of flow-based protocols such as IPFIX and NetFlow is that the traffic is sent in cleartext. This means that it can be observed in transit and that it is pretty simple to send fake flow packets that can then pollute the collected information. As of today, unencrypted protocols need to be avoided and thus some workarounds to this problem need to be identified. Often people use VPNs to export flows, but this is not a simple setup with cloud services or on complex networks, so …

Sometimes traffic monitoring requires data deduplication as due to topology or hardware constraints there are some network traffic activities that are monitored by multiple devices, and others that are monitored only by a single device. This means that unless some corrections are configured, traffic measurements are wrong and thus useless. Fortunately, we have implemented some features that allows you to avoid this problem by discarding duplicated traffic before this hits the collector. This is because the collector is overwhelmed by the various activities it has to carry on, so it …

This is to announce the release of nProbe 9.6 whose main features include: Support of IPS (Intrusion Prevention System) mode. Added support of high-capacity ClickHouse database enabling nProbe to dump ~125k Fps to database. Implemented the concept of Observation Point to enable distributed collection labelling. Added support for collecting and generating flows using Amazon Virtual Private Cloud (VPC) flow logs. Out of the box native FreeBSD/OPNsense/pfSense support. Support of traffic directions in collected traffic. Transparent VM systemId support to implement persistent systemId during VM migrations. Added companion tool nprobe-config for …

Amazon Virtual Private Cloud (VPC) flow logs and in essence text-based Netflow-like logs consisting of fields that describe the traffic flow. They are often collected on disk and published to S3 buckets or CloudWatch for an AWS-centric monitoring infrastructure (extra AWS charge is necessary). Now suppose that you want to use this information to monitor your VPC using ntop tools or turn these logs in industry standard NetFlow/IPFIX flows that can be ingested in any monitoring application unable to understand this proprietary log format. In this case you can use …

Network interfaces natively support RX and TX directions, so tools such as ntopng can detect the traffic directions and depict this information accordingly. In the above picture that ntopng shows in the top menubar, TX traffic is depicted in blue and RX in green. All simple. Now suppose you need to analyse sFlow/NetFlow/IPFIX flows, and be interested to understand how much traffic leaves/enters your network. Example suppose you generate IPFIX flows on your Internet gateway: how much of this traffic is sent to the Internet and how much is received? …