Documentation

Introduction

• About Netify
• Netify Deep Packet Inspection Agent
• Netify Plugin Architecture
• Netify Informatics
• Netify Data Feed
• Conventions Used in this Documentation

About Netify

Welcome to Netify!

Netify refers to Deep Packet Inspection software developed by eGloo Inc., a company specializing in network classification and intelligence solutions. Deep Packet Inspection (DPI) is a technology used for examining and managing network traffic by inspecting the content of data packets at a deep level. Netify is cross-platform software that has been ported to run under various Linux and BSD architectures - ARM, MIPS, x86.

Netify is a collection of software and services. Some organizations will prefer to deploy certain components independently to address specific needs while others may have a use case that integrates a comprehensive Netify solution. Said another way, Netify means different things to different people. Below is a quick review of the types of solutions Netify offers so that you can get to the documentation that is most relavent to you.

Netify Deep Packet Inspection Agent

The Netify DPI agent runs as a daemon on most Linux or BSD hosts. The agent is also available as a container for Docker or LXC. The agent can be built to run on almost any architecture (ARM, MIPS, x86). The DPI agent can be deployed on modest hardware at the edge (ex. embedded devices, 512M RAM, SoC) and within network infrastructure or private/public clouds. The most recent Netify Agent can perform at speeds of 10Gbps without the use of proprietary hardware.

The agent is made available in a variety of formats:

• via download from the Netify download mirrors
• via native package repositories (ex. OpenWRT)
• pre-installed from one of our partners (ex. Endian, NethServer, Zyxel)

Netify DPI Documentation

Netify Plugin Architecture

By design, the Netify Agent version 5 and later performs a minimilist set of instructions related to capturing and analyzing real-time flows or PCAP files. Making metadata available outside the memory footprint of the agent as well as performing actions related to data analysis is the job of plugins. This design principle allows integrators of the agent to be selective in the plugins they require, which creates many advantages:

• reduces the number of libraries and dependencies
• creates a minimalist footprint for storage-constrained environments (ex. embedded devices)
• allows for a more stable core code base
• increases performance
• reduces integration time
• allows for more flexibility

Netify Plugins have common attributes but can perform very different tasks. Each plugin is described in its own section in the documentation. Not all plugins are developed under open source licenses - please contact us if you are interested in evaluating one or more proprietary plugins.

Netify Plugins Documentation

Netify Informatics

Netify Informatics uses analytics and AI to transform local Netify DPI metadata into high-level network intelligence and visibility. It uses the Netify DPI agent, either embedded on an edge device, in the data plane, or receiving mirror/span traffic. This solution can be SaaS-based, in your own data center, or a cloud IaaS.

Netify Informatics Documentation

Netify Data Feeds

Netify Data Feeds provide network intelligence datasets via standard network API endpoints. The documentation provides all the information you need to start integrating the data into your solution.

Netify Data Feeds Documentation

Conventions Used in this Documentation

When reading this documentation, certain words or sections of content will be represented in different styles. This highlighting exists to make it easier to understand the context of the information being presented. The following conventions are used:

file or folder

File names, directory names, and paths are presented in this way.

ls -lstr

Shell commands are represented in this way.

[netifyd]
syn_scan_protection = no

path_state_volatile = /var/run/netifyd

Contents of a file.

{
  "agent_version": "5.0.19",
  "cpu_cores": 8,
  "cpu_system": 0.755646,
  "cpu_system_prev": 0.751954,
  "cpu_user": 3.125628,
  "cpu_user_prev": 3.049208,
  "dhc_status": true,
  "dns_hint_cache": {
    "cache_size": 1000,
    "insert_hit": 53,
    "insert_hit_pct": 5.0284,
    "insert_miss": 1001,
    "lookup_hit": 152,
    "lookup_hit_pct": 98.701,
    "lookup_miss": 2
  }
}

The output (usually JSON) returned in response to a command.

Informational message.

A note, reminder, tip or trick that can help keep you from banging your head against the wall.

Warning message.

A warning to prevent you from doing something you may come to regret without fully understanding of your actions.

Critical message.

An urgent note that should not be ignored.