Setting up a RIPE Atlas software probe

Introduction

RIPE Atlas is a global, open and distributed Internet measurement platform, with multiple devices that monitor Internet connectivity in real time worldwide.

This article explains how to quickly and efficiently set up a software-defined RIPE Atlas probe on a UNIX-based system.

This tutorial applies only to Debian, Ubuntu and Raspberry Pi OS. Guidelines for RHEL-based distributions are not discussed here.

Hardware probes, provided by RIPE themselves, are also available. Please see docs.

Procedure

First, you need to create a RIPE NCC account; the sign-up form is available here.

  1. SSH into the machine on which you want to install the probe

  2. Update the distribution and all installed packages: sudo apt update && sudo apt upgrade

  3. Run the following commands:

    # OS/Arch config collection
    ARCH=$(dpkg --print-architecture)
    CODENAME=$(. /etc/os-release && echo "$VERSION_CODENAME")
    
    # Package name to be downloaded from RIPE FTP servers
    REPO_PKG=ripe-atlas-repo_1.5-5_all.deb
    
    # Download the repo package from the RIPE FTP server and the CHECKSUMS file from the official GitHub repo
    wget https://ftp.ripe.net/ripe/atlas/software-probe/debian/dists/"$CODENAME"/main/binary-"$ARCH"/"$REPO_PKG" https://github.com/RIPE-NCC/ripe-atlas-software-probe/releases/latest/download/CHECKSUMS
    
    # Verify the package hash against CHECKSUMS (-F matches the sha256sum line literally, not as a regex); the package is deleted on mismatch
    grep -qF "$(sha256sum "$REPO_PKG")" CHECKSUMS && echo "Success: checksum matches" || ( printf "\n\033[1;31mError: checksum does not match\033[0m\n\n"; rm "$REPO_PKG" )
    
    # Install package locally
    sudo dpkg -i "$REPO_PKG" && rm "$REPO_PKG"
    sudo apt update
    sudo apt-get install ripe-atlas-probe

    These commands download the package, verify its checksum, and install it.

  4. During package installation, RSA keys are generated, and you will see output similar to:

    Your identification has been saved in /etc/ripe-atlas/probe_key
    Your public key has been saved in /etc/ripe-atlas/probe_key.pub

  5. Register the probe by filling in the form at https://atlas.ripe.net/apply/swprobe/ (you must be authenticated)

    • AS Number and Notes can be left blank.
    • The AS Number is filled in automatically, based on the public IP and the corresponding CIDR block, once the probe is enabled on the RIPE back-end
    • Enter the correct City and Country for the probe
    • Finally, paste the content of /etc/ripe-atlas/probe_key.pub into the Public key field (sudo cat /etc/ripe-atlas/probe_key.pub)
    • The new probe will appear on your dashboard with a pending status, waiting for the process to start

  6. Once the registration is complete, start the service:

    sudo systemctl enable --now ripe-atlas.service

    You can easily check service status via:

    sudo systemctl status ripe-atlas.service

  7. You should now see your probe at https://atlas.ripe.net/probes/mine.

    • Status column should be Connected with a green cloud icon.

You can grab the probe ID, store it somewhere and immediately track the probe status with the line below:

PROBE_ID=1013133; curl -s "https://atlas.ripe.net/api/v2/probes/$PROBE_ID" | jq '{status: .status.name}'

Multiple software probes can be hosted on the same LAN and be advertised over the same public IPv4/IPv6 address. There isn’t any limit per public IP.
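A fail-closed form of the checksum check from step 3, as an added example that is not part of the original article or of RIPE's tooling. It assumes CHECKSUMS uses sha256sum's `<hash>  <filename>` line format; `verify_checksum` and `install_if_verified` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: fail-closed SHA-256 verification against a manifest.
# Assumption: the manifest uses sha256sum's "<hash>  <filename>" line format.

# verify_checksum FILE MANIFEST
# Returns 0 only if MANIFEST has a line whose hash AND file name match FILE,
# 1 on mismatch, 2 if either file is missing.
verify_checksum() {
    file=$1
    manifest=$2
    [ -f "$file" ] && [ -f "$manifest" ] || return 2

    actual=$(sha256sum "$file" | awk '{print $1}')
    name=$(basename "$file")

    # Compare fields exactly instead of pattern-matching the whole line.
    # The name field may carry a "*" (binary mode) or a "./" prefix.
    awk -v h="$actual" -v n="$name" '
        { f = $2; sub(/^\*/, "", f); sub(/^\.\//, "", f) }
        tolower($1) == h && f == n { found = 1 }
        END { exit !found }
    ' "$manifest"
}

# install_if_verified FILE MANIFEST
# Deletes FILE and returns non-zero on any verification failure, so the
# install step is never reached with an unverified package.
install_if_verified() {
    if verify_checksum "$1" "$2"; then
        echo "checksum OK: $1"
        # sudo dpkg -i "$1"   # uncomment on the probe host
    else
        echo "checksum MISMATCH: $1" >&2
        rm -f "$1"
        return 1
    fi
}
```

In a script, call `install_if_verified "$REPO_PKG" CHECKSUMS || exit 1` so that the remaining install commands do not run after a mismatch.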

Remarks

Once the installation is complete, the probe config files are available in /etc/ripe-atlas:

$ sudo tree /etc/ripe-atlas/
/etc/ripe-atlas/
├── mode
├── probe_key
└── probe_key.pub

1 directory, 3 files

  • /etc/ripe-atlas/mode: set to prod by default
  • /etc/ripe-atlas/probe_key: Private key
  • /etc/ripe-atlas/probe_key.pub: Public key

IMPORTANT
Do not share or distribute the probe private key located in /etc/ripe-atlas/probe_key.

Network connectivity

RIPE Atlas probes connect to the RIPE Atlas back-end infrastructure through an SSH tunnel.

Here’s the tunnel config, initiated when ripe-atlas.service is started:

/usr/bin/ssh \
  -i /etc/ripe-atlas/probe_key \
  -o "ServerAliveInterval 60" \
  -o "StrictHostKeyChecking yes" \
  -o "UserKnownHostsFile /run/ripe-atlas/status/known_hosts" \
  -R 2023:127.0.0.1:2023 \
  -L 8080:127.0.0.1:8080 \
  -p 443 \
  [email protected] \
  KEEP

where:

  • -o "ServerAliveInterval 60":
  • -R 2023:127.0.0.1:2023: Reverse port forwarding (RIPE servers > Probe)
  • -L 8080:127.0.0.1:8080: Local port forwarding (Probe > RIPE servers)

More details about RIPE Atlas networking can be found in The Internet Protocol Journal Vol. 18 - N°3.

Using SSH tunnels for these applications is NAT-friendly and spares users from setting up insecure port forwarding on LAN routers.

RIPE server public IP check

The SSH target is the domain ctr-dub-sw01.atlas.prod.ripe.net.

DNS resolution gives:

$ dig A ctr-dub-sw01.atlas.prod.ripe.net \
     | grep "ANSWER SECTION" -A 1 \
     | tail -n1 \
     | awk '{print $5}' # 52.18.43.103

The IP belongs to the AWS network:

$ whois -h bgp.tools 52.18.43.103 | awk -F '|' '{print $1,$7}'
$ telnet 52.18.43.103 443 # 443 = port used in SSH tunnel
Trying 52.18.43.103...
Connected to ec2-52-18-43-103.eu-west-1.compute.amazonaws.com.

Conclusion

If you followed this quick article, you should now have a RIPE Atlas probe running on your system and be earning credits.

Procedure tested on several Raspberry Pi 5 boards with Raspberry Pi OS Lite (64-bit) (headless).