There is always Argus —Dave
On Apr 4, 2022, at 8:30 AM, John Kristoff <jtk@dataplane.org> wrote:
On Sun, 03 Apr 2022 19:10:18 -0700 Randy Bush <randy@psg.com> wrote:
i am setting up new app/port monitoring. i like nfsen because i can zooom in and see who is sending all that port 43 tls between 11:42 and 12:19. is there some other tool at which i should look?
If you are using nfcapd/nfdump I think that is your only choice. I weakly tried to get a hack-a-thon together one year to implement a more modern version of it a few years ago, but I couldn't garner enough interest from those who wanted to code it. There was user interest however.
Even per P. Haag, nfsen was a quick hack, but in my view was quite a good one considering. I wouldn't give public access to the interface, but the last time I setup some flows capture and monitoring, about 5 years ago, I used it. It was good enough. If it is just for you and you're OK with it, I think it is still fine.
pmacct would probably the tool I'd use if I wanted something different now.
John