Tag: nProbe

nProbe

NetFlow Collection Performance Using ntopng and nProbe
Introduction ntopng, in combination with nProbe, can be used to collect NetFlow. Their use for NetFlow collection is described in detail here. In this post we measure the performance of nProbe and ntopng when used together to collect, analyze, and dump NetFlow data. The idea is to provide performance figures useful to understand the maximum rate at which NetFlow can be processed without loss of data. Before giving the actual figures, it is worth discussing briefly the most relevant unit of measure that will be used, i.e., the number of …
nProbe

nProbe IPS: How To setup an Inline Layer-7 Traffic Policer in 5 Minutes
Introduction Recently, we have added Intrusion Prevention System (IPS) capabilities to our nProbe. Those capabilities are available starting from the latest 9.5 version, both for Linux and FreeBSD – including OPNsense and pfSense, and are available with all nProbe versions and licenses (see the product page for additional details). On Linux, nProbe leverages the netfilter framework. In essence, the kernel send packets to nProbe via NF_QUEUE which, in turn, gives each packet a pass/drop verdict so that it can be dropped or let it continue its journey through the network. …
nProbe

Measuring nProbe ElasticSearch Flow Export Performance
nProbe (via its export plugin) supports ElasticSearch flows export. Setting up nProbe for the ElasticSearch export is a breeze, it just boils down to specifying option --elastic. For example, to export NetFlow flows collected on port 2058 (--collector-port 2058)  to an ElasticSearch cluster running on localhost port 9200, one can use the following nprobe -i none -n none --collector-port 2058 --elastic "flows;nprobe-%Y.%m.%d;http://localhost:9200/_bulk" nProbe will take care of pushing a template to ElasticSearch to have IP fields properly indexed, and will also POST flows in bulk to maximize the performance. Recently …
nProbe

How to export BGP routing information (AS Path) in network flows
Tools like traceroute have been used for a long time to track the forward path of packets, i.e. the journey of our packets to a remote destination. Unfortunately with traceroute nothing can be said about the path of ingress packets, it not assuming that routing is symmetrical, fact that is often not correct. For this reason we have designed a solution that allows path information to be report in emitted flows. As the most popular exterior gateway protocol used on the internet is BGP, we have designed a tool that …
nProbe

Network Monitoring 101: A Beginner’s Guide to Understanding ntop Tools
The first important step to start with network monitoring is to analyze what we want to monitor and how to deploy the monitoring solution in the existing network. Here are some important questions to ask ourselves before starting the actual monitoring: Do we need to monitor the entire network or just a specific segment? Do we already have network appliances with network flow export capabilities (e.g. NetFlow/sFlow devices)? Can we use port mirroring of a switch or a network TAP? Where are we deploying our network monitoring appliances to get …
Announce

nProbe 8.2 stable is out – A Wink At Next-Gen ASA Firewalls
We are pleased to announce that the new 8.2 release of nProbe is out. This release features full Cisco ASA NetFlow support. ASA are industry’s first threat-focused next-generation firewalls that export a rich set of information through NetFlow. Being able to collect ASA data using nProbe will give you an advantage over collectors that only interpret standard NetFlow. Collected data can also be sent to ntopng over ZMQ to actually create a very effective solution for the monitoring and visualization of firewall-generated data. ZMQ-based data export has been greatly improved in …
cento

Stream That Flow: How to Publish nProbe/Cento Flows in a Kafka Cluster
Apache Kafka can be used across an organization to collect data from multiple sources and make them available in standard format to multiple consumers, including Hadoop, Apache HBase, and Apache Solr. nProbe — and it’s ultra-high-speed sibling nProbe cento — integration with the Kafka messaging system makes them good candidates source of network data. The delivery of network data to a redundant, scalable, and fault-tolerant messaging system such as Kafka enables companies to protect their data even in-flight, that is, when the consolidation in a database has still to occur. An impatient reader who is eager to use Cento for …

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe