nProbe

Traditionally nProbe is used as a host-based network monitoring probe able to produce “augmented” flow records including performance monitoring, security and visibility information. We have a common vision with Kentik of how network instrumentation needs to evolve beyond “just” bytes and packets-based NetFlow, and of how that can enable users to understand network performance and security challenges. This year, we entered a partnership with Kentik to leverage nProbe to export rich network metrics to the Kentik Detect big data network analytics cloud platform, and we’re proud to announce the first …

Since the introduction of nProbe Cento, we receive periodically emails of users wondering what are the differences between these two applications. This post is to clarify the differences, and better position them. The nProbe family is a set of flow-oriented applications, meaning that each packet is not handled individually but as part of a flow (e.g. a TCP connection or a UDP communication such as a VoIP call). This task is significantly more expensive than handling packets individually because we need both to keep the flow state and process packets in …

Traditionally ntop has focused on passive traffic analysis. However we have realized that the traffic monitoring world has changed and looking at network flows is no longer enough: People want to enforce policies: if the network is hit by a security threat you need to stop it, without having to tweak with router ACLs or deploying yet another box to carry on this task. Combine visibility with security: flow-based analysis has to be combined with traffic introspection, activities that tools like Bro, Suricata and Snort do. Unfortunately these applications are CPU-bound so, in order to boost …

This to announce the release of nProbe 7.4. We have worked hard in this version to improve it in several way by better integrating it with ntopng, improving network performance metrics computation, ability to export data to big-data systems, make VoIP quality metrics more reliable. However the bigger innovation in this release is the probe scriptability using Lua (see the nProbe User’s Guide for all details). You can now perform actions on flows (e.g. if you see a DNS query for host www.ntop.org then execute action X) and start moving …

One of main problems of flow-based devices is their high cost or poor monitoring capabilities (nothing beyond IPv4 packets and bytes). At ntop we believe that network visibility is much more than this, as people in 2016 want application performance, deep packet inspection, export to big data system and much more. We’re experimenting with low-cost hardware devices since a long time but we finding a powerful yet cheap device with  embedded port mirror capability isn’t that simple (or cheap). Finally we have found a solution for families and small business who want to …

Last week we have previewed at FlowCon 2016 conference our new 100 Gbit probe called nProbe cento (cento is 100 in Italian). You can find our presentation slides here. We believe that it is important to combine flow monitoring with security and packet to disk. This in an integrated manner, and not by using different un-correlated applications. Cento is the next generation probe able to generate flows at 100 Gbit line rate using an x86 PC and a 100 Gbit NIC on top of PF_RING ZC, while being able to …

At ntop we’ve been playing with NetFlow/IPFIX since more than 10 years and been part of its standardisation. While we acknowledge that concept of flow (a set of packets with common properties such as the same IP/port/protocol/VLAN) is still modern, the NetFlow format is now becoming legacy as we have already discussed some time ago. Modern data crunchers such as those belonging to the big data movement or emerging data storage systems (e.g. Solr or ELK) are  based on the concept that information has to be defined on an open format (usually …

After more than three years of work, we are announcing the release of nProbe v7. This is a major evolution of v6 that many of you used in the bast few years. In essence we have worked a lot for improving the application performance, supporting new protocols (including mobile 3G/LTE network monitoring), adding new information elements and moving towards an accurate probe. nProbe still exports the data in NetFlow/IPFIX but we have opened it to new ways of handling monitoring data (e.g. using Splunk and ElasticSearch). This because today we …

Splunk is a popular realtime data capture, aggregation, and data visualisation system. Designed initially for handling application logs, in its current version is available  with a free enterprise license can index up to 500 megabytes of data per day. We have decided to use Splunk to capture and index in realtime flows generated by nProbe, and in particular those that contain non-numerical information, such as HTTP URLs for instance. The versatile of splunk is such that it can be easily customised with a few mouse clicks, so that new reports, views …