One of the main limitations of flow-based protocols such as IPFIX and NetFlow is that the traffic is sent in cleartext. This means that it can be observed in transit and that it is pretty simple to send fake flow packets that can then pollute the collected information. As of today, unencrypted protocols need to […]
nDPI-based Traffic Enforcement on OPNsense/pfSense/Linux using nProbe
nProbe IPS is an inline application able to both export traffic statistics to NetFlow/IPFIX collectors as well to ntopng, and enforce network traffic using nDPI, ntop’s Deep Packet Inspection framework. This blog post shows you how you can use a new graphical configuration tool we have developed to ease the configuration of IPS rules on […]
How To Configure Flow and Packet Deduplication in nProbe
Sometimes traffic monitoring requires data deduplication as due to topology or hardware constraints there are some network traffic activities that are monitored by multiple devices, and others that are monitored only by a single device. This means that unless some corrections are configured, traffic measurements are wrong and thus useless. Fortunately, we have implemented some […]
HowTo Monitor Customer Traffic in Managed Service Providers and ISPs
ISPs have provided Internet access to customers for years and the only goal was to connect their users to the Internet. Managed Service Providers (MSP) and Managed Security Service Providers (MSSP) deliver network, services and infrastructure on customer premises and have become relatively popular in the past few years. Over time customers started to ask […]
nProbe 9.6 Released: IPS, ClickHouse, Observation Points, FreeBSD Support
This is to announce the release of nProbe 9.6 whose main features include: Support of IPS (Intrusion Prevention System) mode. Added support of high-capacity ClickHouse database enabling nProbe to dump ~125k Fps to database. Implemented the concept of Observation Point to enable distributed collection labelling. Added support for collecting and generating flows using Amazon Virtual […]
Introducing nProbe Cento 1.14
This is to announce a new release of the ntop’s 100 Gbit probe, nProbe Cento 1.14. In this version we have integrated the latest features from nDPI, the ntop’s Deep-Packet-Inspection engine, that is now 2.5x faster than the previous version. Flows are enriched with Flow Risks, which represents a set of issues detected by nDPI, […]
Collecting Flows from Hundred of Routers Using Observation Points
Collecting flows on large networks with hundred of routers can be challenging. Beside the number of flows to be collected, another key point is to be able to visualize the informations in a simple yet effective way. ntopng allows you to create up to 32 virtual flow collection interfaces that can be used to avoid […]
NetFlow/IPFIX At Scale: Comparing nProbe/ClickHouse vs nProbe/ntopng
In our previous post we have analysed the performance of the pipeline nProbe+ntopng for those who need to collect flows and analyse them, trigger alerts, create timeseries, provide a realtime monitoring console, dump them to nIndex and inform remote recipients in case of some problem is detected. This is the main difference between the ntop […]
NetFlow Collection Performance Using ntopng and nProbe
Introduction ntopng, in combination with nProbe, can be used to collect NetFlow. Their use for NetFlow collection is described in detail here. In this post we measure the performance of nProbe and ntopng when used together to collect, analyze, and dump NetFlow data. The idea is to provide performance figures useful to understand the maximum […]
How to Collect and Analyse AWS VPC Flow Logs
Amazon Virtual Private Cloud (VPC) flow logs and in essence text-based Netflow-like logs consisting of fields that describe the traffic flow. They are often collected on disk and published to S3 buckets or CloudWatch for an AWS-centric monitoring infrastructure (extra AWS charge is necessary). Now suppose that you want to use this information to monitor […]