nProbe™ Cento must be installed on a vantage point that can monitor all the traffic of interest. In packet-switched networks, it is common practice to either mirror the traffic, or use a network TAP.

Packages and installation instructions are available at for all supported distributions.

Once the installation is completed it is necessary to generate an nProbe™ Cento license otherwise the probe will operate in demo mode. A license is required for the probe to be fully operational. Please read the Licensing section below for further information.

After installing and licensing the application, you are ready to tart Cento. You can either do that using the scripts provided under /etc/init.d or systemctl, according to your OS, or alternatively you can run cento from command line.

Remember that for good results, you need to use Cento over ZC drivers. In order to install PF_RING and ZC drivers please refer to the PF_RING documentation.


nProbe™ Cento comes in three separate executables, namely, cento, cento-ids and cento-bridge. Every executable is responsible for carrying out a particular task. The main features of every executable are briefly discussed in the remainder of this section. Detailed use cases, examples, and usage guides are reported in the rest of this manual.

The cento Executable

The executable cento features a no-frills 100Gbps NetFlow v5/v9 IPFIX Flow probe. This executable is recommended for users who are interested in ultra-high-speed packet capture and flow generation and who do not plan to use nProbe™ Cento inline as a bridge, or in combination with IDS/IPS or packet recording systems such as n2disk.

The cento-ids Executable

The executable cento-ids still features a 100Gbps NetFlow v5/v9 IPFIX Flow probe, but it also has special options that allow to balance and aggregate input traffic towards one or more output queues. This is particularly useful when nProbe™ Cento has to be used in combination with IDS/IPS and packet recorders. Use cases and examples will be discussed with great deals below.

The cento-bridge Executable

The executable cento-bridge has, in addition to the 100Gbps NetFlow v5/v9 IPFIX Flow probe features, peculiar traffic bridging capabilities. This executable should be chosen by users who need to policy traffic (e.g., filter out a certain application) in ultra-high-speed environments. Bridging examples and use cases are given in the remainder of this guide.


nProbe™ Cento requires a per-system license that is released according to the EULA (End User License Agreement) as specified in the appendix. Each license is perpetual (i.e. it does not expire) and it allows to install updates for one year since the license issue. This means that a license generated on the 1/1/2018 will be valid for any update released until 12/31/2018. The purchase of a new license it is required to install updates released after 1 year from the initial license issue.

nProbe™ Cento licenses can be generated using the order id received and the email address provided when purchasing products at License generation page is Any license is bound to a given system as it is created from a System ID that, in turn, is generated by combining together the hardware details. You can read the System ID running cento:

cento --version
System Id: 399A9710760769FA

Generating the license you also get instructions for installing it.

Licenses are available in various flavors, depending on the number and speed of network interfaces used to feed nProbe™ Cento. The following table outlines the licenses available

Max Simultaneous Ports S M L XL XXL
1Gbps 2 Unlimited Unlimited Unlimited Unlimited
2 Unlimited Unlimited Unlimited
2 Unlimited Unlimited
2 Unlimited

Applying the License

Once the license has been generated, it can be applied in order for nProbe to become fully-functional. The license must be placed in a one-line file /etc/cento.license.


An nProbe Cento restart is recommended once the license has been applied to make sure all the new functionalities will be unlocked.