All Blog Posts

PF_RING

Best practices for using Bro IDS with PF_RING ZC. Reliably.

Zero-copy technologies such as PF_RING ZC allow applications to read packets in memory without any actor involved, be it the kernel or a memory copy. This is why, using ZC, you can easily fill up a 10 Gbit line using a single thread and a single network card queue. The drawback of zero copy is that applications must be well behaved: the same packet is shared across multiple applications, so if one application pollutes the packet memory, the problem affects all the consumers. The same …
ntopng

Using nfsen-like Traffic Profiles in ntopng

One of the great features of nfsen is the ability to specify filters for identifying specific traffic and thus aggregate and graph it. In ntopng we aggregate traffic per host and networks. However sometimes you want to aggregate using other criteria. Examples include: traffic from host A to host B; VPN traffic sent from host X to concentrator Y; Facebook traffic sent from iPad 192.168.13.4; ntopng web traffic. In order to implement these measurements, in ntopng we have introduced the concept of network profiles. Each profile is defined using the “Traffic …
nProbe

Towards 100-Gbit Flow-Based Network Monitoring

Last week at the FloCon 2016 conference we previewed our new 100 Gbit probe called nProbe cento (cento is 100 in Italian). You can find our presentation slides here. We believe that it is important to combine flow monitoring with security and packet to disk, and to do this in an integrated manner rather than by using different uncorrelated applications. Cento is the next generation probe able to generate flows at 100 Gbit line rate using an x86 PC and a 100 Gbit NIC on top of PF_RING ZC, while being able to …
Announce

Join us at the San Francisco Network Visibility Meetup on Jan 19th

After the Flocon 2016 meetup we held this week, next week we’re organising a meetup for our users in the Bay Area where we will discuss new topics including high-speed sensors and network analytics. http://www.meetup.com/San-Francisco-Network-Visibility-Meetup/ For those who did not attend the Flocon meetup (~25 people attended it, for a 30 min presentation followed by a 2h open discussion), the main comments were: Network monitoring has to be integrated with security tools: people demand small machines able to visualise network traffic metrics as well as report potential security violations. Inline …
Announce

You’re invited to the ntop Meetup at Flocon 2016

Topic: ntop Meetup – Affordable High-Speed Sensors Everywhere. Abstract: Come and meet Luca Deri, members of the ntop team, and fellow “ntop stack” users and partners as we talk about making instrumentation of the entire infrastructure possible with sensor prices at cost points not before considered possible! Luca and his team are also looking for your input and feedback for their 2016 roadmap! When: 5:30-7:00 p.m., Wednesday, January 13th. Location: Flocon 2016 Conference, Coquina Ballroom A. Refreshments provided courtesy of Kentik Technologies. Meetup Presentation Slides. Agenda: 1) Luca Deri: ntop Roadmap/Discussion (30 …
Announce

ntop 2016 Roadmap

2015 has been a year full of activities that allowed us to consolidate our tools and thus provide a better service to the community. In 2016 the plan is the following. 100 Gbit: just as in 2015 we added support for 40 Gbit in PF_RING, 2016 will be the year of 100 Gbit. We already support the Accolade and Napatech 100 Gbit NICs in PF_RING, but the plan is to make 100 Gbit a commodity, and thus as soon as the new Intel Red Rock Canyon adapters are available (we expect …
Guides

Ntopng Integration with Nagios

Discontinuation Notice: This post becomes obsolete effective with ntopng 4.1+. Full discontinuation notice available here. This tutorial shows how to properly configure nagios and ntopng (Professional) in order to send asynchronous ntopng-generated alerts to nagios. Prerequisites: It is assumed that the following software is already installed and properly configured: nagios daemon; nagios NSCA (Nagios Service Check Acceptor) daemon; ntopng Professional. Please see the Resources section at the bottom of this page for useful links and guides on how to set up nagios and NSCA daemons. Tutorial Set-Up: This tutorial uses two hosts connected to …
ntopng

ntopng 2.2 Just Released

After over 6 months of work, we’re pleased to announce the release of ntopng 2.2 (as already discussed, even numbers identify stable releases whereas odd numbers identify development versions). The goal of this release has been to consolidate the existing work, fix issues reported by users, improve the reports we introduced in 2.0 and pave the way for the next development iteration, where we plan to add new features (we’ll present the roadmap in the next few weeks). The main new feature of this release is the introduction of traffic …
PF_RING

Introducing PF_RING 6.2

This is to announce the release of PF_RING 6.2, which has several improvements with respect to the previous version. As previously announced, we have extended support of non-Intel devices in PF_RING to provide you the best experience supporting many new devices (and a few more will come in the following months). We have specialised PF_RING for FPGA-based adapters, and added support for 100 Gbit adapters such as those manufactured by Accolade Technology and Napatech. As you might have noticed, we have moved release versioning to odd/even numbers. An even minor version …
PF_RING

Using (Suricata over) PF_RING for NIC-Independent Acceleration

In the past few years we have tried to open PF_RING in an attempt to turn it into the “new pcap” API for packet processing. Recently we have added native support for speedy FPGA-based NICs and thus created a single API for efficient NIC-independent packet processing. If you are interested in hearing more about this subject, you can have a look at the slides or watch the video of our presentation, held in Barcelona at the Suricata Conference 2015. Enjoy! …
PF_RING

PF_RING now supports Accolade, Myricom, Napatech at 10/40/100 Gbit (and commodity NICs)

For years we have optimised PF_RING to support multi-10 Gbit/40 Gbit operations in zero-copy at line rate using ZC. Our users know that using PF_RING they can operate at line rate in RX+TX, balance packets across processes, drop/prioritise traffic, etc. After a few years in which commodity NICs (mostly Intel) combined with PF_RING have reached basically the same performance as FPGA-based adapters, the rush towards 100 Gbit has revived interest in non-commodity NICs. Due to this, you can now find on the market FPGA-based network adapters from companies such as …