Documentation

Introduction

• About Netify
• Netify Deep Packet Inspection Agent
• Netify Plugin Architecture
• Netify Informatics
• Netify Informatics CORE
• Netify Data Feed
• Conventions Used in this Documentation

About Netify

Welcome to Netify!

Netify refers to Deep Packet Inspection software developed by eGloo Inc., a company specializing in network classification and intelligence solutions. Deep Packet Inspection (DPI) is a technology used for examining and managing network traffic by inspecting the content of data packets at a deep level. Netify is cross-platform software that has been ported to run under Linux and BSD various architectures - ARM, MIPS, x86.

Netify is a collection of software and services. Some organizations will prefer to deploy certain components independently to address specific needs while others may have a use case that integrates a comprehensive Netify solution. Said another way, Netify means different things to different people. Below is a quick review of the types of solutions Netify offers so that you can get to the documentation that is most relavent to you.

Netify Deep Packet Inspection Agent

The Netify DPI agent runs as a daemon on any Linux and BSD host or inside a container such as Docker or LXC on almost any architecture. The DPI agent can be deployed on modest hardware at the edge (ex. embedded devices, 512M RAM, SoC) and within network infrastructure or private/public clouds. The most recent Netify Agent can perform at speeds of 10Gbps without the use of proprietary hardware.

The agent is made available in a variety of formats:

• via download from the Netify download mirrors
• via native package repositories (ex. OpenWRT)
• pre-installed from one of our partners (ex. Endian, NethServer, Zyxel)

Netify DPI Documentation

Netify Plugin Architecture

By design, the Netify Agent version 5 and later performs a minimilist set of instructions related to capturing and analyzing real-time flows or PCAP files. Making metadata available outside the memory footprint of the agent as well as performing actions related to data analysis is the job of plugins. This design principle allows integrators of the agent to be selective in the plugins they require, which creates many advantages:

• reduces the number of libraries and dependencies
• creates a minimalist footprint for storage-constrained environments (ex. embedded devices)
• allows for a more stable core code base
• increases performance
• reduces integration time
• allows for more flexibility

Netify Plugins have common attributes but can perform very different tasks. Each plugin is described in its own section in the documentation. Not all plugins are developed under open source licenses - please contact us if you are interested in evaluating one or more proprietary plugins.

Netify Plugins Documentation

Netify Informatics

Netify Informatics is a SaaS, B2B play that targets the SMB market, providing Network Intelligence to business owners, network admins, etc. It requires the use of Netify DPI agent, either embedded on the edge device, in the data plane or receiving mirror/span traffic. The back end is API driven, and we have done both integrations and white label solutions based on Netify Informatics. This solution can be SaaS based or in your own data center or cloud IaaS of your choosing.

Netify Informatics CORE

Netify Informatics Core is designed for the data centre - a typical use case would be a small ISP or WISP. It collects data from remote edge devices or captures packets at an aggregation point in a DC. Informatics CORE can handle much higher volumes of bandwidth since the 'resolution' of metadata is per subscriber, not device endpoint.

CORE is built for system integrators. It is API-driven and does not have an end-user facing interface, instead relying on the UX experience of the target integration (ex. Splynx).

Netify Data Feeds

Netify receives and stores a lot of metadata from around the world from customers using Netify Informatics - from both residential and commercial origins. Using Machine Learning, our team cleans and analyzes this data for two objectives:

• Improving the application signatures for the DPI agents
• Providing the aggregated application data for the Netify Data feeds

The Data Feed Service is intended for those customers who are looking to enrich their own customer experiences to include how applications are delivered by their owners over the Internet and/or to improve classification of flow data when a DPI agent is not or can not be made available.

Netify Data Feeds Documentation

Conventions Used in this Documentation

When reading this documentation, certain words or sections of content will be represented in different styles. This highlighting exists to make it easier to understand the context of the information being presented. The following conventions are used:

file or folder

File names, directory names, and paths are presented in this way.

ls -lstr

Shell commands are represented in this way.

[netifyd]
syn_scan_protection = no

path_state_volatile = /var/run/netifyd

Contents of a file.

{
  "agent_version": "5.0.19",
  "cpu_cores": 8,
  "cpu_system": 0.755646,
  "cpu_system_prev": 0.751954,
  "cpu_user": 3.125628,
  "cpu_user_prev": 3.049208,
  "dhc_status": true,
  "dns_hint_cache": {
    "cache_size": 1000,
    "insert_hit": 53,
    "insert_hit_pct": 5.0284,
    "insert_miss": 1001,
    "lookup_hit": 152,
    "lookup_hit_pct": 98.701,
    "lookup_miss": 2
  }
}

The output (usually JSON) returned in response to a command.

Informational message.

A note, reminder, tip or trick that can help keep you from banging your head against the wall.

Warning message.

A warning to prevent you from doing something you may come to regret without fully understanding of your actions.

Critical message.

An urgent note that should not be ignored.