What’s New

nProbe 8.5 (Development)

  • New Options - --max-ingress-rate to set the maximum ingress rate (Mbit/s) for rate limiting the processed traffic

nProbe 8.4 (April 2018)

  • Main New Features
    • DPDK support
    • Implements Kafka batching, options parsing, and variable number of producers
    • Adds Kafka messages transmission statistics
  • New Options
    • --plugin-dir to load plugins from the specified directory
    • --adj-from-as-path to get previous/next adjacent ASNs from BGP AS-path
    • --disable-sflow-upscale to disable sFlow upscaling
    • --terminate-in for debugging purposes
  • Extensions
    • Implemented ICMP network latency
    • Added ICMP type/code on flow keys to differenciate ICMP flows from the same peers
    • sFlow upscale now takes into account sample drops
    • Improves throughput calculations with NetFlow
  • Fixes
    • Fixed crash with ICMP traffic and not extended template Rework for whatsapp support
    • Fixes framentation issues that could lead to crashes
    • Prevents leaks with multiple BGP updates
    • Fixes a crash when exporting option templates to Kafka
    • Fixes missing fields (e.g, FIREWALL_EVENT) in MySQL db columns
    • Preserve endianness of string_dump_as_hex NetFlow custom fields
    • Fixes overwrite of untunnelled addresses for tunnels after the first
    • Updates centos7 mysql dependency to work either with mysql and mariadb
    • Fixed invalid FTP detection
    • Fix for computing %DIRECTION even with reduced temolate IEs
    • Fixes wrong sFlow average scale estimation
    • Fix for wrapping ZMQ rates > 4Gbps
    • Fixed loop bug in plugin handling when multiple plugins are enabled

nProbe 8.2 (December 2017)

  • Main New Features
    • Support for multiple --zmq endpoints to load-banace exported flows in a round-robin fashion
    • Full support for NetFlow exported by ASA, including firewall events and cumulative counters
    • MySQL database interoperability with ntopng using template -T "@NTOPNG@"
  • New Options
    • Added --plugin-dir <dir> for loading plugins from the specified directory
  • Extensions
  • bgpNextHop support
  • Full systemd support for Debian, Ubuntu, Centos, and Raspbian
  • Fixes wrong flow first/last calculations when collecting IPFIX
  • Added support for flowDurationMillis Fixed bug for properly handling flowStart/flowEndMillis
  • sFlow
    • Improved sFlow upscale algorithm and added heuristic to prevent sFlow exporters bugs
    • Fixed throughput calculation and upsampling of sFlow traffic

Release 8.0 (June 2017)

  • Main New Features
    • Reworked packet fragmentation support that was not properly rebuilding packet fragments
    • Many tiny bugs fixed that increase stability and metrics reliability
    • Implemented BPF filtering with PF_PACKET directional sockets
    • Added VXLAN support
    • Created multiple kafka publishers to enhance performance
    • Implemented options template export via Kafka
    • Added support for collection of IXIA URI and Host
    • Added @SIP@ and @RTP@ plugin shortcuts for VoIP analysis
    • Improved SSL dissection
    • Added support for GTPv2 PCO
    • Added support for IPFIX flowEndMilliSeconds when observationTimeMilliSeconds (often in Cisco ASA)
    • Added ability to export sFlow interface counters via ZMQ
    • Added drops (export/elk/too many flows) drops
    • Added kflow export (kentik.com)
  • New Options
    • --upscale-traffic to scale sampled sFlow traffic
    • --kafka-enable-batch and --kafka-batch-len to batch flow export to kafka
    • --load-custom-fields to support custom fields shipped with NetFlow (see http://www.ntop.org/nprobe/collecting-proprietary-flows-with-nprobe/)
    • --max-num-untunnels to decapsulate up to 16 tunnelling levels.
    • --vlanid-as-iface-idx to use the VLAN tag as the interface index
    • --zmq-disable-compression to disable ZMQ data compression
  • Extensions
    • Added %NPROBE_IPV4_ADDRESS to export the IP address of the nProbe sensor, whereas %EXPORTER_IPV4_ADDRESS contains the IP address of the flow exporter (e.g. the router that generated the exported flow)
  • Releases up to 7.4 (June 2016) *
  • Full IPFIX support: PEN (Private Enterprise Numbers) and Variable length encoding.
  • Ability to natively dump flows in FastBit format that allows to outperform relational and raw flow-based collectors.
  • Ability to collect sFlow flows and turn them into flows (v5/v9/IPFIX).
  • Collection of Cisco ASA flows and conversion in ‘standard’ flows.
  • New design for better performance and exploitation of multicore architectures.
  • Support of tunneled (including GRE, PPP and GTP) traffic and ability to export in flows inner/outer envelope/packet information.
  • HTTP and MySQL protocol analysis: ability to generate logs of web and mysql activities in addition to flow export.
  • BGP Plugin for establishing a BGP session with a router and generate flows with AS and AS path information.
  • ElasticSearch flow export
  • Kafka brokers flow export

Release 6.15 (January 2014)

  • Updated nProbe with 6.15 features.

Release 5.0 (February 2008)

  • Updated nBox firmware
  • Updated nProbe with latest features.
  • Updated ntop with latest 3.3.X version.

Release 4.0 (July 2007)

  • Updated nBox with latest 2.6 kernel series image
  • Updated nProbe with 4.9 version coverage.

Release 3.9 (April 2005)

  • Updated nBox section

Release 3.0.1 (February 2004)

  • Updated nBox section

Release 3.0 (January 2004)

  • Added nProbe 3.0 coverage

Release 2.2 (October 2003)

  • Added nBox coverage

Release 2.1 (June 2003)

  • Added nFlow support

Release 2.0.1 (February 2003)

  • Added the ability to save flows on disk (-P flag)

Release 2.0 (January 2003)

  • Added the ability to select multiple NetFlow collectors.
  • Added --p flag for ignoring TCP/UDP ports.
  • Added --e flag for slowing down flow export speed.
  • Added --u flag for identifying input NetFlow devices into emitted flows.
  • Added --z flag for preventing nProbe from emitting tiny flows.
  • Added --a flag for selecting the way flows are exported to several collectors (if defined).
  • Added the ability to control an LCD display where the probe can report traffic statistics.
  • Enhanced TCP flags support in exported flows.

Release 1.3 (July 2002)

  • First public release.