Definitions

  • Aggregated Egress Queue

A queue that is output by nProbe™ Cento which carries traffic that has been aggregated from multiple input interfaces.

  • Balanced Egress Queue

A queue that is output by nProbe™ Cento which carries a subset of traffic received from an input interface. The subset is build to make sure packets belonging to the same flow are always forwarded to the same balanced egress queue.

  • Collector

Shorthand for flow collector.

  • Egress Queue

A queue that is output by nProbe™ Cento and is consumed by some other software such and an IDS/IPS or a traffic recorder.

  • Exporter

Shorthand for flow exporter.

  • Flow

Network packets can be aggregated into logical pipes termed “flows”. A flow is uniquely identified by: source and destination IP addresses, source and destination ports, and layer 4 protocol.

  • Flow exporter

A piece of hardware/software that outputs flows to a medium (e.g., over the network, to file, to other other software).

  • Flow collector

A piece of hardware/software that collects flows from a medium (e.g., from the network, from file, from other software).

  • IDS

An Intrusion Detection System that detects known threats, policy violations and malicious behaviors.

  • IPFIX

The Internet Protocol Flow Information Export (IPFIX) is a protocol that defines how to transfer flow data from an exporter to a collector.

  • IPS

An Intrusion Prevention System that protects the network against possible known threats, policy violators and malicious hosts.

  • Kafka

A multi-producer, multi-consumer, publish-subscribe distributed messaging system.

  • n2disk

The ntop high-performance packet-to-disk software that records network packets to disk and indexes packet metadata in near realtime to enable fast searches.

  • NetFlow v5/v9

Standards that define and describe how to aggregate packets into flows, and how to transfer flow data from an exporter to a collector.

  • ntopng

The ntop network traffic visualization software.

  • Packet-to-Disk

The act of writing full network packets (i.e., headers and payloads at any level) to persistent storage. See also traffic recorder.

  • Probe

Shorthand for Flow exporter.

  • Shunting

The act of filtering network packets that limits the number of per-flow packets to a given fixed value k. Any flow packet that arrives after the k-th is dropped.

  • Snort

An open source network IDS for Unix and Windows.

  • Suricata

An IDS/IPS to match on known threats, policy violations and malicious behavior.

  • Slice-l3

The act of filtering network packets that truncates packets right after the IP headers.

  • Slice-l4

The act of filtering network packets that truncates packets right after the TCP/UDP headers.

  • Syslog

A standard for message logging.

  • Traffic Recorder

A piece of hardware/software that writes network packets to persistent storage (e.g., HDD, SSD, nVME) for archiving purposes or further processing.

  • TAP

A network TAP (Test Access Point) is a hardware device inserted at a specific point in the network to monitor full-duplex data.