Dissecting Network Traffic with Profitap & Ntop

Internet Service Providers (ISPs) face the struggles of extreme bandwidth usage compounded by customer growth. While this is great for business, the challenge is making sure the bandwidth is being used effectively. Many times, customers will complain that “the internet is slow” when really it is because they are using up 98% of their bandwidth on YouTube or online backup, etc.

These customers may not know they are the source of their problems and without the right tools, the ISP may not be able to troubleshoot this issue as well. Problems like these quickly become very expensive, because your company is not operating at 100%. It is important to find the cause as soon as possible.

The ability to view “into” traffic or deep packet inspection (DPI) allows you to see the type of traffic and where the traffic is going, to name a few. You can probably already see the amount of traffic without DPI, but knowing that you are using Facebook or sending 100% traffic overseas is data that can be very useful.

ntop has an array of software tools and hardware appliances that allow you to view this type of information. But many times, the issue becomes how do you connect this all together? How is it possible to get a line-in to your internet pipe or remote office to view this type of traffic? That’s where Profitap’s line of products come in.

Profitap develops and manufactures a complete range of innovative Network TAPs, Network Packet Brokers and Portable Field Service Troubleshooters for security, forensics, deep packet capture and network performance monitoring sectors.

Direct access to the network and full visibility provides the basis for a proper network assessment. With a non-intrusive and fail-safe design, Profitap network analysis and traffic acquisition solutions provide complete and secure visibility into every bit and packet on the network.

Many companies do not have visibility into what is happening on their networks. “What are my users doing?”, “Where is the traffic coming to/ from?”.

In many cases, there is simply no way to view this traffic. To get full access to what is going on the network lines, a TAP is required, that can be used to copy/mirror traffic to another port. This device must be resilient, low cost and easy to use in order to not bring any harm to the critical network link by adding a point of failure.

From small single TAP environments looking to simply keep an eye on traffic to global installations with distributed TAPs, bypass TAPs and fiber infrastructures, Profitap has the ability to craft a network visibility solution tailored to your specific needs.

Once we have a copy of the network traffic, where do we send it? What exactly can we see? Profitap’s network TAPs allow you to capture 100% of the packets that are flowing over your network lines. This data can be sent to ntop’s software solution directly, or to a Network Packet Broker. Profitap offers a range of Network Packet Brokers that can aggregate and filter all mirrored traffic coming from the TAPs in real time. With an NPB in the setup, only actionable data is delivered to the ntop software, which makes for a very efficient solution.

Traffic Recording

10Gbit and above lossless network traffic recording with the n2disk™ traffic recorder. Uses the industry standard PCAP file format to dump packets into files so the resulting output can be easily integrated with existing third party or even open/source analysis tools (e.g. Wireshark). n2disk™ is able to produce an index on-the-fly during packet capture, to quickly retrieve interesting packets using fast-BPF and time interval. Precise traffic replay of the captured traffic can be done with disk2n™.

Network Probe

nProbe™ is an extensible NetFlow v5/v9/IPFIX probe with plugins support for Layer 7 content inspection. nProbe Cento™ is the highspeed equivalent with up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration.

Traffic Analysis

High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format. Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework.

Capture all network traffic in real-time with Network TAPs and then deliver only the important data to ntop software solutions with Profitap NPBs

  • Sort network traffic according to many criteria including IP address, port, L7 protocol, throughput, Autonomous Systems (ASs) and show real time network traffic and active hosts
  • Record and Visualize hosts’ historical applications protocols usage
  • Get a geographic map of your network communications with the rest of the world
  • High-speed web-based traffic analysis and flow collection using ntopng. Persistent traffic statistics in RRD format
  • Layer 7 analysis by leveraging on nDPI, an Open Source DPI framework
  • nProbe Cento: up to 100 Gbit NetFlow, traffic classification, and packet shunting for IDS/packet-to-disk acceleration
  • Traffic Recording
  • 10 Gbit and above lossless network traffic recording with n2disk. Industry standard PCAP file format
  • Wire-speed packet capture/transmission using commodity hardware with PF_RING. Zero-Copy packet distribution across threads, applications, Virtual Machines
  • ntopng natively integrated InfluxDB/Grafana support as well a custom network flow database that enables flow search and retrieval at high-speed.
  • Duplicate and deliver full-duplex traffic to the ntop software at line rate, with no impact on the network link

Profitap’s TAPs and ntop’s full line of software together offer full access and visibility into your network. This way, the root cause of a network problem can be identified, and solved quickly and accurately.

  • Last modified: August 13, 2021