nProbe™ functions as both a NetFlow probe and collector, enabling users to collect and export NetFlow flows from network devices or act as a replacement for existing low-speed probes. It supports high-speed network analysis with minimal packet loss and can forward monitored flows to collectors like ntopng or commercial alternatives. Available as a standalone application or embedded system (nBox), nProbe™ offers extensive features for network monitoring and traffic analysis. It supports Linux, FreeBSD, Windows, and embedded ARM/MIPS environments. The software provides Layer-7 application visibility, NetFlow v5/v9/IPFIX support, and the ability to block and shape traffic using nDPI in IPS mode. It includes full IPFIX support, IPv4 and IPv6 compatibility, and has a small memory footprint. nProbe™ can export flows to various formats, including Apache™, Syslog, MySQL/MariaDB, Splunk, Kafka, and ElasticSearch. It supports PF_RING and PF_RING Zero Copy (ZC) for high-speed packet capture, acts as a flow collector and proxy, and translates sFlow flows into NetFlow formats. The software can forge NetFlow interface identifiers, collect Cisco ASA flows, and uses a multi-threaded architecture. It supports tunnelled traffic, flow and packet sampling, Flexible Netflow, VoIP traffic analysis, and HTTP/MySQL/DNS protocol analysis. nProbe™ is interoperable with commercial collectors and can be used on resource-limited environments. It saves flows on disk, is user-configurable, and offers native nTap support for cloud environments. Agent mode on Windows and Linux augments network metadata with user and process information.

Features & Benefits

• NetFlow Probe and Collector
  • Collects and exports NetFlow v5/v9/IPFIX flows from network devices.
• High-Speed Analysis
  • Analyzes multi-Gbit networks at full speed with minimal packet loss.
• Layer-7 Application Visibility
  • Provides visibility into over 250 applications, including Skype, BitTorrent, and Citrix.
• NetFlow and IPFIX Support
  • Offers efficient flow handling with NetFlow v5/v9/IPFIX and Cisco NetFlow-Lite support.
• IPS Mode
  • Blocks and shapes traffic using nDPI.
• Flow Export Options
  • Exports flows to Apache™, Syslog, MySQL/MariaDB, Splunk, Kafka, and ElasticSearch.
• PF_RING Support
  • Supports PF_RING and PF_RING Zero Copy (ZC) for high-speed packet capture.
• Flow Collection and Proxy
  • Acts as a flow collector and proxy, supporting various combinations.
• sFlow Translation
  • Collects sFlow flows and translates them into NetFlow v5/v9/IPFIX.
• Cisco ASA Flow Collection
  • Collects Cisco ASA flows and converts them into NetFlow v5/v9/IPFIX.
• Tunnelled Traffic Support
  • Supports tunnelled traffic (GRE, PPP, VXLAN, GTP) and exports inner/outer packet information.
• VoIP Analysis
  • Analyzes VoIP (SIP and RTP) traffic, including voice quality and (pseudo-)MOS.
• Protocol Analysis
  • Performs HTTP, MySQL/Oracle, and DNS protocol analysis, generating logs of activities.
• Plugin Architecture
  • Offers easy extensibility via custom V9/IPFIX tags.
• Interoperability
  • Fully interoperable with commercial collectors like IsarFlow, Fluke, Cisco, Dartware, Arbor Networks, Plixer, NetFlow Auditor, and SolarWinds Orion NTA.
• Resource Efficiency
  • Designed for environments with limited resources and embedded systems.
• Traffic Visualization
  • Can be used with ntopng to visualize, collect, and analyze monitored traffic.
• Native nTap Support
  • Collects traffic from cloud, VMs, containers, and physical hosts.
• Agent Mode
  • Augments network metadata with user and process information on Windows and Linux systems (eBPF based).