I am looking for some real-time net flow and analysis tools. If anyone has any pointers, I'd appreciate it. Something like Cisco Netflow, but that doesn't require a Cisco Router to capture (ie, a Unix box with promiscuous ethernets instead). Thanks -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP; we have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
On Sun, 10 Jan 1999 alex@nac.net wrote:
I am looking for some real-time net flow and analysis tools.
If anyone has any pointers, I'd appreciate it.
Something like Cisco Netflow, but that doesn't require a Cisco Router to capture (ie, a Unix box with promiscuous ethernets instead).
One that seems to be pretty good is Network Flight Recorder ( http://www.nfr.com ). This can run on an affordable Intel or Sparc box, and for internal private use, it's free (and somewhat limited in speed). There are also some (free) modules for it at loPht ( http://www.L0pht.com -- make sure you get L"zero"pht.com, or you'll get a nice surprise). NFR is a general-purpose platform for network analysis and reporting, but it seems that right now it is most well-known for security analysis and detection. The cool thing about it is that you can write your own modules (that's one of the intents of the samples at L0pht.com). Pete Kruckenberg http://pete.kruckenberg.com/resume
[ On Sun, January 10, 1999 at 17:50:34 (-0700), Pete Kruckenberg wrote: ]
Subject: Re: Net Flows and Analysis tools
On Sun, 10 Jan 1999 alex@nac.net wrote:
I am looking for some real-time net flow and analysis tools.
One that seems to be pretty good is Network Flight Recorder ( http://www.nfr.com ).
Another I don't think has been mentioned yet is ntop-1.0. It's not anywhere near as fancy or sophisticated or programmable as NFR, but depending on your goals and requirements, it can do quite a bit for such a small program. The new version has an HTML interface that is quite useful for its size. ftp://ftp.unipi.it/pub/local/ntop/source/ -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
Hello Alex, Check out work on the following: NLANR's work on real time flow analysis (links off of http://www.nlanr.net) The IETF RTFM Work (overview at http://www.ietf.org with details at http://www.auckland.ac.nz/net/Internet/rtfm/) NeTraMet - A nice tools used by many ISPs (http://www.auckland.ac.nz/net/Accounting/ntm.Release.note.html) Barry
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Pete Kruckenberg Sent: Monday, January 11, 1999 8:51 AM To: nanog@merit.edu Subject: Re: Net Flows and Analysis tools
On Sun, 10 Jan 1999 alex@nac.net wrote:
I am looking for some real-time net flow and analysis tools.
If anyone has any pointers, I'd appreciate it.
Something like Cisco Netflow, but that doesn't require a Cisco Router to capture (ie, a Unix box with promiscuous ethernets instead).
One that seems to be pretty good is Network Flight Recorder ( http://www.nfr.com ). This can run on an affordable Intel or Sparc box, and for internal private use, it's free (and somewhat limited in speed). There are also some (free) modules for it at loPht ( http://www.L0pht.com -- make sure you get L"zero"pht.com, or you'll get a nice surprise).
NFR is a general-purpose platform for network analysis and reporting, but it seems that right now it is most well-known for security analysis and detection. The cool thing about it is that you can write your own modules (that's one of the intents of the samples at L0pht.com).
Pete Kruckenberg http://pete.kruckenberg.com/resume
participants (4)
-
alex@nac.net
-
Barry Raveendran Greene
-
Pete Kruckenberg
-
woods@most.weird.com