nProbe Keeps up with Gigabit speeds on commodity hardware
Download

nProbe Ranking & Summary

nProbe Tags

capture packet flow capture packet capture card

nProbe Description

Many people are aware that not all the available NetFlow probes are scalable. nProbe has been designed to keep up with Gigabit speeds on commodity hardware. Using a dual core CPU, nProbe can be used for capturing packets at full speed with no/very little (< 1%) packet loss using PF_RING. You can achieve better results using packet/flow sampling (i.e. the probe does not receive all the packets but just a sample), or using an accelerated packet capture card. Main features: Added layer 7 application visibility (including Skype, BitTorrent, Citrix). NetFlow v9/IPFIX support for efficient flow handling. Added Cisco NetFlow-Lite support (as of version 6.5). Full IPFIX support: PEN (Private Enterprise Numbers) and Variable length encoding. Support for IPv4 and v6. Limited memory footprint (less that 2 MB of memory regardless of the network size) and CPU savvy. Ability to natively save flows into MySQL and SQLite, as well as text and binary. Ability to natively dump flows in FastBit format. Native PF_RING support for high speed flow generation (nProbe™ Pro Unix and above). Ability to act as flow collector and proxy. All combinations are supported. Ability to collect sFlow flows and turn them into flows (v5/v9/IPFIX). Support of detect protocols via DPI (deep packet inspection) and report protocol name in flows for precise collector protocol accounting. Ability to forge NetFlow interfaceIds based on MAC/IP addresses. Collection of Cisco ASA flows and conversion in ‘standard’ flows. New nprobe architecture for better performance and exploitation of multicore architectures. Support of tunneled (including GRE, PPP and GTP) traffic and ability to export in flows inner/outer envelope/packet information. Support of both flow and packet sampling. Support of Flexible Netflow: create your netflow templates, now with PEN support. VoIP (SIP and RTP) traffic analysis. HTTP and MySQL protocol analysis: ability to generate logs of web and mysql activities in addition to flow export. BGP Plugin for establishing a BGP session with a router and generate flows with AS and AS path information. Plugin architecture for easy extensibility via custom V9/IPFIX tags. Fully interoperable with commercial collectors such as IsarFlow, Fluke, Cisco, Dartware, AdventNet, Arbor Networks, Plixer, NetFlow Auditor, SolarWinds Orion NTA. Designed for running on environments with limited resources (the nProbe™ binary < 100 Kb) and embedded systems (e.g. ARM-based appliaces). It can be used to build cheap NetFlow probes using commodity hardware. Able to save flows on disk for later analysis or integration into an existing monitoring application. Fully user configurable. High-performance probe: commercial probes included those embedded on routers and switches are often not able to keep up with high-speeds. Ntop can be used as collector and analyser for NetFlow v5/v9/IPFIX flows such as those generated by nProbe™ and commercial routers.

nProbe Related Software