nProbe

10 Gbit (Line Rate) NetFlow Traffic Analysis using nProbe and DNA

In the past couple of years, 10 Gbit networks have been gradually replacing multi-1 Gbit links. Traffic analysis is also increasingly demanding, as “legacy” NetFlow v5 flows are not enough for network administrators who want to know much more about their network than simple packets/bytes accounting. In order to satisfy these needs, we have added many new features in the latest nProbe 6.9.x releases, including:
- Flow application detection (via nDPI)
- Network/application latency
- Support of encapsulations such as GTP/Mobile IP/GRE
- Various metrics for computing network user-experience
- Extension to plugins to provide even …

Getting More Information On Your Network Performance

This week ntop will be present at the Open Source System Management Conference 2012, which will take place this Thursday in Bolzano, Italy, organized by our partner and sponsor Würth-Phoenix. We’ll give a speech about how to analyze network performance with our nProbe/ntop applications, as well as how to characterize the applications generating traffic. In fact it is important not to do generic and aggregate metric monitoring, but to characterize flow-by-flow so that we can generate alerts per-application. During the event we’ll speak about future nProbe extensions that we’ll introduce later …

SFProbe: Embedding nProbe on an SFP

In 2004 my friend Alex Tudor of Agilent involved ntop in a very challenging project. The idea was to monitor the network from the exact place where packets originated. In fact, popular network taps and span ports are not the right tools, as they are added to an existing network (i.e. the network does not need them, but probes do need them). The same applies to active monitoring: traffic should be generated from the right place. So if you want to see the router-to-router latency you should let the router …

Using nProbe for Solving General Traffic Monitoring Tasks

Most people use nProbe just as a basic NetFlow/IPFIX probe where traffic monitoring is limited to packet header analysis, without further dissecting protocols. This practice is very common inside the NetFlow community and it’s one of the reasons why flow-based analysis has not changed much since its inception. Fortunately, nProbe can do much more than this (e.g. it can inspect traffic on tunnels, or geo-locate flow peers), and below are just some use cases:

Browsing the Internet is slow, some URLs cannot be accessed
Most likely the DNS is not …

Unveiling Application Visibility in ntop and nProbe (both in NetFlow v9 and IPFIX)

For years, applications have used static ports so that port 80 means HTTP, and port 25 SMTP. Unfortunately this 1:1 mapping was relaxed years ago with dynamic ports, so that a given service could use a range of ports (e.g. for circumventing security policies) or even a fully dynamic port (e.g. see portmap). The opposite is also true, namely HTTP can run on ports other than 80, so that you can see it for instance on port 3000, which is the default HTTP port in ntop. HTTP is also …

NetFlow-lite Webcast Invitation

This is to invite you to the webcast NetFlow-lite: Enable Data Center-wide Monitoring, which is scheduled for Tuesday, 06-28-2011. I will be speaking about NetFlow-lite together with the key Cisco people who worked with me on this project. Hope you will join the workshop! …

NetFlow-Lite and nProbe: a Tutorial

Today we held a webinar about NetFlow-Lite with both Cisco and Plixer. Subscribers of this blog should know by now what NetFlow-Lite is and why nProbe is necessary to exploit this technology. Nevertheless, you might be interested to know more about NetFlow-Lite, both in terms of features and usage scenarios. Below you can find a couple of presentations about this topic that I think are worth reading:
- ntop, Implementing a NetFlow Cache for NetFlow-Lite
- Cisco Systems, Catalyst 4948E NetFlow-lite
- ntop, Using nProbe as NetFlow-Lite Aggregator
If interested, you can also see the video …

Invitation to NetFlow-Lite Webinar

As most of you know, nProbe has recently added NetFlow-Lite support in the 6.5 release. NetFlow-Lite is a protocol that brings you visibility into switched networks, similar to what NetFlow “classic” is doing on routed networks. As this technology is pretty new, perhaps you might be interested in hearing more about it right from the source. I would like to invite you to this free webinar that will take place later this week. Should you be interested, please register now. Cisco NetFlow-Lite: Enabling Traffic Monitoring at Data Center Access Date: May …

Using nProbe as NetFlow-Lite Cache

As previously stated on this blog, we have worked closely with Cisco, as nProbe has been selected as the reference implementation for NetFlow-Lite flow conversion. Although NetFlow-Lite support has been part of nProbe since version 6.1.4 and it’s available on all supported platforms (both Unix and Windows), with nProbe 6.5 (just released) we have moved NetFlow-Lite support to the next level. This is because nProbe now features both a:
- Specialized plugin for NetFlow-lite flow collection that increases the collection performance 5x.
- PF_RING kernel plugin (Linux only) that can convert …

How to Monitor Latency Using nProbe

On May 12th in Bolzano (I) at the Nagios World Conference Europe, I will give a speech about network and application latency monitoring using nProbe. This is a hot topic, in particular for those who think of NetFlow/IPFIX as just a way to count bytes and packets. NetFlow/IPFIX instead is (this is my opinion) an open protocol that can be used to carry monitoring data from observation points to monitoring systems. The fact that many probes export just bytes 'n packets info is not a protocol limitation but a probe limitation. In this respect nProbe supports many extensions such as latency monitoring, information about packets out-of-order, retransmitted, fragmented, average flow packet size and many more. In particular, latency is computed both as network and application latency:

Tuning nProbe 6.4 Scalability and Performance

Release 6.3 of nProbe targeted IPFIX compatibility. In release 6.4.x (just introduced) the main focus has been on scalability and performance. Until 6.3, the nProbe architecture was not really exploiting multicore systems, due to the heritage of previous versions. With this release nProbe reaches a new level, as you can see from the graph below (traffic was generated using an IXIA 400, flows last 5 seconds, and are emitted in V5 format, PF_RING 4.6.3, Intel e1000e capture adapter with PF_RING-aware driver [no TNAPI]). Both graphs depict the sustained throughput rate (Y …