Introduction

Traffic measurements are necessary to operate all types of IP networks. Networks admin need a detailed view of network traffic for security, accounting and management reasons. The compositions of the traffic have to be analyzed accurately when estimating traffic metrics or when finding network problems. All of these measurements have to be made by analyzing all the packets flowing to the central points in the network (such as router and/or switches). The analysis could be done on the fly or by logging all the packets and than post-processing them. But with the increasing network capacities and traffic volumes this kind of approach is not very efficient. Instead similar packets (packets with a set of common properties) can be grouped together composing flows. As an example, a flow can be composed of all flowing packets that share the same source and destination address so a flow can be derived using only some fields of a network packet. This way, similar types of traffic can be stored in a more compact format without loosing the information we are interested in. This information can be aggregated in a flow datagram and exported to a collector able to report network metrics in a user-friendly format. When collected this information provides a detailed view of the network traffic.

Precise network metric measurements is a challenging task so a lot of work has been done in this filed. In commercial environments, NetFlow is probably the de-facto standard for network traffic accounting and billing. NetFlow is a technology originally created by Cisco in 1996 and is now standardized as Internet Protocol Flow Information eXport (IPFIX – RFC 3917). NetFlow is based on the probe/collector paradigm. The probe, usually part of network appliance such as a router or a switch, is deployed on the measured network segment, it sends traffic information in NetFlow format towards a central collector.

nProbe is a software NetFlow v5/v9/IPFIX probe able to collect, analyze and export network traffic reports using the standard Cisco NetFlow v5/v9/IPFIX format. It is available for most of the OSs on the market (Windows, BSD, Linux, MacOSX). When installed on a PC, nProbe turn it into a Network-aware monitoring appliance.

This manual aims at describing how to use nProbe, deploy it in networks, and how to develop plugins for extending it functionalities.

Installation

Installation instructions can be found at http://packages.ntop.org/. Nightly and stable builds are available. Stable builds are intended for production environments whereas nightly builds are intended for testing.

Licensing

Binary nProbe instances require a per-server license that is released according to the EULA (End User License Agreement). Each license is perpetual (i.e. it does not expire) and it allows to install updates for one year since purchase/license issue. This means that a license generated on 1/1/2018 will be able to activate new versions of the software until 31/12/2018. If you want to install new versions of the software release after that date, you need to purchase a new license or avoid further updating the software. For source-based nProbes you still have to obey to the nProbe license listed in appendix.

nProbe licenses are generated using the orderId and email you provided when the license has been purchased on https://shop.ntop.org/.

Note

If you are using a VM or you plan to move licenses often, and you have installed the software on a server with Internet access, you can add --online-license-check to the application command line (example: nprobe -i eth0 --online-license-check) so that at startup the license is validated against the license database. The --online-license-check option also supports http proxy setting the http_proxy environment variable (example: export http_proxy=http://<ip>:<port>).

Applying the License

Once the license has been generated, it can be applied in order for nProbe to become fully-functional. On linux, the license must be placed in a one-line file /etc/nprobe.license. On Windows, the license must be placed in a one-line file in the nProbe installation directory which is typically C:>/Program Files/nProbe. To create this one-line file on Windows, open the Notepad as an administrator and paste the generated license key. Then select “File->Save as”, specify nprobe.license as file name and save it in the nProbe installation directory. Make sure the file name has no extension (e.g., .txt) by selecting “Save as Type: All Files”.

Note

An nProbe restart is recommended once the license has been applied to make sure all the new functionalities will be unlocked.