High-performance flow exporter with DPDK support.


What is Ipfixprobe?

Ipfixprobe is a high-performance network probe that processes packet data from various input sources (such as a network interface controller (NIC) or capture file) and generates bidirectional flow records. These records are then exported to an external system, such as a file, flow collector, or visualization tool.

Additionally, ipfixprobe supports a plugin architecture, with a rich selection of input, output, and processing plugins, allowing you to customize the probe for your specific needs.

ℹ️ Get started with ipfixprobe monitoring on your network.

What is Ipfixprobe for?

  • Detecting suspicious or anomalous behaviour.
  • Reading side-channel patterns.
  • Identifying malware activity.
  • Recognizing internet protocols in traffic.
  • Detecting cryptocurrency mining.
  • Analyzing network performance and characteristics.
  • …and many more

What is a Flow?

A flow is a sequence of packets (communication from A ↔ B) that share common characteristics (source, destination, protocol, etc.) and are treated as a single communication session.

A flow contains basic information about the communication, such as the MAC address, IP address, transferred bits, errors, and more (depending on which process plugins you use).

Types of Flows

  • Bidirectional – (default) Communication from A → B and B → A is treated as a single flow.
  • Unidirectional – Communication from A → B and B → A is treated as two distinct flows, allowing you to analyze input and output communication separately.

ℹ️ Use -s 'cache;split' to switch to unidirectional flows.
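The difference between the two flow types, shown on a handful of constructed packets. This is an added illustration, not ipfixprobe's own code: the `aggregate` function, its `split` argument and the record field names are hypothetical and only mirror the idea described above.

```python
from collections import OrderedDict

# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port, proto, length_bytes)
PACKETS = [
    ("10.0.0.5", 51514, "192.0.2.10", 443, 6, 517),     # A -> B
    ("192.0.2.10", 443, "10.0.0.5", 51514, 6, 1448),    # B -> A
    ("10.0.0.5", 51514, "192.0.2.10", 443, 6, 126),     # A -> B
    ("10.0.0.7", 40000, "198.51.100.53", 53, 17, 72),   # C -> D
    ("198.51.100.53", 53, "10.0.0.7", 40000, 17, 188),  # D -> C
]

def aggregate(packets, split=False):
    """Group packets into flow records keyed by the 5-tuple.

    split=False: bidirectional, both directions share one record.
    split=True:  unidirectional, each direction gets its own record.
    """
    flows = OrderedDict()
    for src, sport, dst, dport, proto, length in packets:
        fwd_key = (src, sport, dst, dport, proto)
        rev_key = (dst, dport, src, sport, proto)
        if fwd_key in flows:
            key, reverse = fwd_key, False
        elif not split and rev_key in flows:
            # Reply direction of a flow that is already being tracked.
            key, reverse = rev_key, True
        else:
            # The first packet seen defines the flow and its orientation.
            key, reverse = fwd_key, False
            flows[key] = {"packets": 0, "bytes": 0,
                          "packets_rev": 0, "bytes_rev": 0}
        rec = flows[key]
        suffix = "_rev" if reverse else ""
        rec["packets" + suffix] += 1
        rec["bytes" + suffix] += length
    return flows

if __name__ == "__main__":
    for mode in (False, True):
        print("unidirectional (split)" if mode else "bidirectional")
        for key, rec in aggregate(PACKETS, split=mode).items():
            print("  ", key, rec)
```

In the bidirectional case the record keeps the orientation of the first packet, so the initiator of the session stays identifiable; in the split case that pairing has to be rebuilt downstream by matching reversed 5-tuples.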


Main Features

High Performance

  • Ipfixprobe can support traffic up to 400 Gbps.

Versatility

  • Ipfixprobe can be installed on anything from cutting-edge backbone infrastructure to a small SOHO OpenWrt router.
  • ➡️ Check out our installation guide for more instructions.

Plugin Support

  • Ipfixprobe supports a large number of plugins so you can tailor it to your specific needs, including:
    • TLS, QUIC, HTTP, DNS, and many more.

DPDK Support

  • Optimized for high-speed packet processing using DPDK.
