nProbe

nProbe

Combining System and Network Visibility using nProbe and Sysdig

Introduction: When we started the development of the original ntop in 1998, there were many Unix tools for monitoring network traffic: ping, tcpdump, netstat, and many others. Nevertheless we decided to develop ntop, because there was no tool able to show in a simple way what was happening on our network. Early this year we started the development of some experimental PF_RING kernel module extensions able to give ntop applications visibility of process activities, in order to bind network traffic to a process name. We have lived once more the …
nProbe

Introducing nProbe v7

After more than three years of work, we are announcing the release of nProbe v7. This is a major evolution of v6, which many of you have used in the past few years. In essence we have worked a lot on improving the application performance, supporting new protocols (including mobile 3G/LTE network monitoring), adding new information elements and moving towards an accurate probe. nProbe still exports the data in NetFlow/IPFIX but we have opened it to new ways of handling monitoring data (e.g. using Splunk and ElasticSearch). This because today we …
nProbe

Introducing nProbe Splunk App for (Free) Network and Application Monitoring

Splunk is a popular realtime data capture, aggregation, and data visualisation system. Designed initially for handling application logs, in its current version it is available with a free enterprise license that can index up to 500 megabytes of data per day. We have decided to use Splunk to capture and index in realtime flows generated by nProbe, and in particular those that contain non-numerical information, such as HTTP URLs for instance. The versatility of Splunk is such that it can be easily customised with a few mouse clicks, so that new reports, views …
nProbe

How to Balance (Mobile) Traffic Across Applications Using PF_RING

Traffic monitoring requires packets to be received and processed in a coherent manner. Some people are lucky enough to get all interesting packets on a single interface, but this is unfortunately not a common scenario anymore: The use of network taps splits one full-duplex interface into two half-duplex interfaces, each receiving one direction of the traffic. Standby interfaces require traffic monitoring apps to surveil two interfaces, where traffic flows on only one interface at a time. Asymmetric traffic (i.e. all protocols similar to HTTP where the traffic in one direction is …
nProbe

Running nProbe and ntopng on Ubiquiti EdgeRouter Lite

On this blog we have already discussed how to compile and run ntopng and nProbe on a BeagleBoard and Raspberry Pi. Now we explain (courtesy of Shane Graham) how to achieve the same on a Ubiquiti EdgeRouter Lite, a cheap yet powerful router. First, set up the proper Debian repository:

configure
set system package repository squeeze components 'main contrib non-free'
set system package repository squeeze distribution squeeze
set system package repository squeeze url http://http.us.debian.org/debian
set system package repository squeeze-security components main
set system package repository squeeze-security distribution squeeze/updates
set system package repository …
nProbe

Using ntopng and nProbe on the BeagleBone (small is beautiful)

For years we enjoyed pushing the limits of our software products (our nBox recorder is able to handle multi-10Gbit interfaces for instance), but our roots are not there. It all started in 2003 with this small PowerPC-based nBox, into which we first integrated nProbe. Now after 10 years, it is time to rethink all this and try again. On the market there are several small and cheap platforms such as the Raspberry Pi, the BeagleBone Black and the EdgeMax that are ideal platforms for our apps. We have then decided …
nProbe

Why nProbe+JSON+ZMQ instead of native sFlow/NetFlow support in ntopng?

sFlow and NetFlow/IPFIX are the two leading network monitoring protocols used today on the market. They are two binary protocols encapsulated over UDP, with data flowing (mono-directional) from the probe (usually a physical network device or a software probe such as nProbe) to the collector (a PC that receives traffic and handles it or dumps it to a database). This architecture has been used for decades; it still makes sense from the device point of view but not from the application (developer) point of view for many reasons: The …
nProbe

Tracking and Troubleshooting Mobile Phone Users (IMSI) using the MicroCloud

The microcloud is one of the fields where s used extensively by mobile network operators. The reasons are manifold: Data aggregation facilities offered in realtime by the microcloud. Realtime user-to-tunnel mapping. User traffic-to-user correlation. Unfortunately when a mobile network is populated by millions of active users (IMSI), troubleshooting a problem can be a problem. Tools such as wireshark that are used on fixed networks do not work because: The network is distributed, so there is no single sniffing point, but rather it is necessary to deploy our tools across the …
n2disk

Learning The ntop World of Apps

The main criticism of ntop is the lack of documentation. This is because we have to maintain many projects, have little time, and also because we prefer coding to documentation. We decided to fill this gap and give a positive answer to your requests: We have created the nBox GUI to enable you to use all our applications without the pain of compiling and configuring them. This is a free product that everyone can use to build their own measurement gear or just to start ntop using a web browser. …
n2disk

How to build yourself a nBox Probe and Packet Recorder

If you need a network probe or a packet recorder you have two options: grab a turn-key nBox or build it yourself using our software. In the first case you will receive an optimised system, with the right motherboard/CPU/NIC for your monitoring tasks and all software preinstalled/configured. However if you want to build your nBox yourself (e.g. you can reuse an old/spare server or get a new one if you plan to address 10 Gbit monitoring) you can now do it. Below we will describe how to build it step by …
Announce

Introducing nBox 2.0 (aka how to use/configure ntop apps using a web GUI)

Years ago we decided to create the nBox appliance as a turn-key solution for those that were not fans of the command line. Then we decided to rewrite the nBox GUI to make it simpler, more modern, and usable by all ntop users, to configure ntop, nProbe, n2disk, PF_RING and DNA. In essence we have created a new web interface that can simplify your configurations, assist with complex things such as core affinity or DNA configuration, and let you focus on ntop applications rather than on their configuration. You can download …