nProbe™ Cento must be installed on a vantage point that can monitor all the traffic of interest. In packet-switched networks, it is common practice to either mirror the traffic, or use a network TAP.
Packages and installation instructions are available at http://packages.ntop.org/ for all supported distributions.
Once the installation is completed it is necessary to generate an nProbe™ Cento license otherwise the probe will operate in demo mode. A license is required for the probe to be fully operational. Please read the Licensing section below for further information.
After installing and licensing the application, you are ready to tart Cento. You can either do that using the scripts provided under /etc/init.d or systemctl, according to your OS, or alternatively you can run cento from command line.
Remember that for good results, you need to use Cento over ZC drivers. In order to install PF_RING and ZC drivers please refer to the PF_RING documentation.
nProbe™ Cento comes in three separate executables, namely, cento, cento-ids and cento-bridge. Every executable is responsible for carrying out a particular task. The main features of every executable are briefly discussed in the remainder of this section. Detailed use cases, examples, and usage guides are reported in the rest of this manual.
The cento Executable¶
The executable cento features a no-frills 100Gbps NetFlow v5/v9 IPFIX Flow probe. This executable is recommended for users who are interested in ultra-high-speed packet capture and flow generation and who do not plan to use nProbe™ Cento inline as a bridge, or in combination with IDS/IPS or packet recording systems such as n2disk.
The cento-ids Executable¶
The executable cento-ids still features a 100Gbps NetFlow v5/v9 IPFIX Flow probe, but it also has special options that allow to balance and aggregate input traffic towards one or more output queues. This is particularly useful when nProbe™ Cento has to be used in combination with IDS/IPS and packet recorders. Use cases and examples will be discussed with great deals below.
The cento-bridge Executable¶
The executable cento-bridge has, in addition to the 100Gbps NetFlow v5/v9 IPFIX Flow probe features, peculiar traffic bridging capabilities. This executable should be chosen by users who need to policy traffic (e.g., filter out a certain application) in ultra-high-speed environments. Bridging examples and use cases are given in the remainder of this guide.
nProbe™ Cento requires a per-system license that is released according to the EULA (End User License Agreement) as specified in the appendix. Each license is perpetual (i.e. it does not expire) and it allows to install updates for one year since the license issue. This means that a license generated on the 1/1/2018 will be valid for any update released until 12/31/2018. The purchase of a new license it is required to install updates released after 1 year from the initial license issue.
nProbe™ Cento licenses can be generated using the order id received and the email address provided when purchasing products at https://shop.ntop.org/. License generation page is https://shop.ntop.org/mklicense. Any license is bound to a given system as it is created from a System ID that, in turn, is generated by combining together the hardware details. You can read the System ID running cento:
cento --version v.1.5.180617 System Id: 399A9710760769FA
Generating the license you also get instructions for installing it.
Licenses are available in various flavors, depending on the number and speed of network interfaces used to feed nProbe™ Cento. The following table outlines the licenses available
|Max Simultaneous Ports||S||M||L||XL||XXL|
Applying the License¶
Once the license has been generated, it can be applied in order for
nProbe to become fully-functional. The license must
be placed in a one-line file
An nProbe Cento restart is recommended once the license has been applied to make sure all the new functionalities will be unlocked.