20 May 2013, 5:21 a.m.
On 20-5-2013 0:40, Cameron Daniel wrote:
On 2013-05-17 8:11 pm, Tim Vollebregt wrote:
Is anyone using an open source solution to process netflow v9 captures? I've been waiting for SiLK v3 for some time now, which is currently only available for TLAs and universities.
Currently looking into nfdump.
To drag this back on topic, yes I'm currently using nfcap/nfdump to capture and parse Netflow v9. It's not as tidy as I'd like but it does the job.
If you want something you can just point and shoot, nfsen ties those two tools together into one config file.
Tim
Not only for netflow analysis, but also a DDoS detection tool: I am testing Andrisoft Wanguard this month. Very nice web interface, and it even has the possibility to do BGP blackholing.
Rinse