Educause Security Discussion mailing list archives
Re: netflow analysis
From: Wyman Miles <wm63 () CORNELL EDU>
Date: Wed, 18 May 2005 09:28:19 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've written a tool here, nfgrep, that functions as a search against raw NetFlow v5 records. It's pretty rudimentary, but fast. You can search by IP, CIDR, regular expression, port/proto/TCP flags.

http://pecos.cit.cornell.edu/nfgrep

It compiles fine under Solaris and should, in theory, work under Linux, though you'll need a -DLINUX to bring in all the little-endian stuff.

Wy

- --On Friday, May 13, 2005 11:04 AM -0400 David Shettler <dshettle () HOLYCROSS EDU> wrote:

> I've fooled around with ntop for netflow, but haven't really been "satisfied". Search functionality is what I'm aching for and I haven't really been able to be happy with ntop in that regard. While I want trending stuff, I also want information from a forensics perspective. I use ntop a lot for on-the-fly stuff though. Maybe I've missed something in ntop though in this regard, I'll have to relook it.
>
> David C. Shettler - GCFA
> Senior Technical Services Engineer
> College of the Holy Cross
> 508-793-3073
>
> >>> Pete.Hoffswell () DAVENPORT EDU 05/13/05 7:46 AM >>>
> Those look really nice, Tristan. I might have to try this stuff out. We have an installation of ntop http://www.ntop.org/ntop.html
>
> Pete Hoffswell                      616-732-1101 (Grand Rapids, x1101)
> University LAN/WAN Coordinator      616-510-1198 (Mobile)
> IT Services                         pete.hoffswell () davenport edu
> Davenport University                http://www.davenport.edu
> Davenport University. it's working.
>
> >>> TristanRhodes () WEBER EDU 5/12/2005 6:17 PM >>>
> http://nfsen.sourceforge.net
> http://nfdump.sourceforge.net
>
> These projects go together (front-end and backend). They are fairly new projects, but they are actively developed. I am looking into testing these applications on our network.
>
> Tristan Rhodes
> Weber State University
>
> dshettle () HOLYCROSS EDU wrote on 05/12/05 3:15 PM:
> Hello, I'm curious as to how people are handling their netflow data. We're thinking about putting it into a DB and designing our own interface for it. I haven't found any decent analysis tools (web based with search functionality specifically). Any recommendations? A good deal of tools out there seem to no longer be maintained. Appreciate any advice!
>
> David C. Shettler - GCFA
> Senior Technical Services Engineer
> College of the Holy Cross
> 508-793-3073
>
> ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Wyman Miles
Senior Security Engineer
Cornell University, Ithaca, NY
(607) 255-8421

-----BEGIN PGP SIGNATURE-----
Version: Mulberry PGP Plugin v3.0
Comment: processed by Mulberry PGP Plugin

iQA/AwUBQotC9MRE6QfTb3V0EQK06ACfWxWbFBg9gHGDqNCti+3BIcMq29EAoIyq
F8xO0Ic0M7LH2MkG30Xs0fw0
=A8qp
-----END PGP SIGNATURE-----
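The kind of search nfgrep is described as doing (by IP, CIDR, regex, port, protocol and TCP flags over raw NetFlow v5 records) is easy to show in a few dozen lines. The following is an added example, not nfgrep's own code and not from any of the posters: it decodes the standard v5 export layout (24-byte header, 48-byte records, all fields in network byte order, which is the byte-swapping the -DLINUX remark refers to) and filters the decoded flows. The three flow records it parses are constructed sample data, not a real capture; the function and field names are this example's own.

```python
"""Minimal nfgrep-style search over raw NetFlow v5 records (added example)."""
import ipaddress
import re
import struct
from typing import List, NamedTuple, Optional

# NetFlow v5 wire layout. Everything is big-endian ("!"), so a little-endian
# host must byte-swap each field; struct does that for us here.
V5_HEADER = struct.Struct("!HHIIIIBBH")               # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes


class Flow(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    pkts: int
    octets: int
    srcport: int
    dstport: int
    tcp_flags: int
    proto: int


def parse_v5(packet: bytes) -> List[Flow]:
    """Decode one v5 export datagram. Rejects non-v5 data and datagrams whose
    record count disagrees with their length, so a truncated file fails loudly."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("short NetFlow header")
    version, count, *_ = V5_HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(packet) != expected:
        raise ValueError(f"expected {expected} bytes for {count} records, got {len(packet)}")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(packet, V5_HEADER.size + i * V5_RECORD.size)
        # Field order: srcaddr dstaddr nexthop input output dPkts dOctets first
        # last srcport dstport pad1 tcp_flags prot tos src_as dst_as src_mask
        # dst_mask pad2. Only the fields the search needs are kept.
        flows.append(Flow(src=ipaddress.IPv4Address(f[0]), dst=ipaddress.IPv4Address(f[1]),
                          pkts=f[5], octets=f[6], srcport=f[9], dstport=f[10],
                          tcp_flags=f[12], proto=f[13]))
    return flows


def is_valid_v5(packet: bytes) -> bool:
    """True if parse_v5 accepts the datagram (used to check truncation handling)."""
    try:
        parse_v5(packet)
        return True
    except ValueError:
        return False


def search(flows: List[Flow], cidr: Optional[str] = None, port: Optional[int] = None,
           proto: Optional[int] = None, tcp_flags: Optional[int] = None,
           regex: Optional[str] = None) -> List[Flow]:
    """Return flows matching every given criterion. cidr and port match either
    endpoint; tcp_flags is a mask that must be fully set on the flow; regex is
    applied to the text 'src:srcport->dst:dstport'."""
    net = ipaddress.ip_network(cidr) if cidr else None
    pat = re.compile(regex) if regex else None
    out = []
    for fl in flows:
        if net is not None and fl.src not in net and fl.dst not in net:
            continue
        if port is not None and port not in (fl.srcport, fl.dstport):
            continue
        if proto is not None and fl.proto != proto:
            continue
        if tcp_flags is not None and (fl.tcp_flags & tcp_flags) != tcp_flags:
            continue
        if pat is not None and not pat.search(f"{fl.src}:{fl.srcport}->{fl.dst}:{fl.dstport}"):
            continue
        out.append(fl)
    return out


def _rec(src, dst, pkts, octets, sport, dport, flags, proto) -> bytes:
    """Pack one constructed v5 record; fields the search ignores are zeroed."""
    return V5_RECORD.pack(ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
                          b"\0\0\0\0", 0, 0, pkts, octets, 0, 0, sport, dport,
                          0, flags, proto, 0, 0, 0, 0, 0, 0)


def build_sample_packet() -> bytes:
    """Constructed export datagram with three flows (sample data, not a real capture)."""
    records = [
        _rec("10.0.0.5", "192.0.2.10", 12, 3400, 51022, 443, 0x12, 6),  # TCP, SYN|ACK
        _rec("10.0.1.7", "198.51.100.3", 1, 76, 40000, 53, 0x00, 17),   # UDP, DNS
        _rec("172.16.0.9", "10.0.0.5", 40, 9000, 33333, 22, 0x18, 6),   # TCP, PSH|ACK
    ]
    header = V5_HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0)
    return header + b"".join(records)


if __name__ == "__main__":
    for fl in search(parse_v5(build_sample_packet()), cidr="10.0.0.0/24"):
        print(fl)
```

Reading a whole file of raw exports is just a loop over parse_v5 per datagram; the length check matters there because a truncated last datagram would otherwise decode into garbage flows that look plausible.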
Current thread:
- netflow analysis David Shettler (May 12)
- <Possible follow-ups>
- Re: netflow analysis Stephen Bernard (May 12)
- Re: netflow analysis Wyman Miles (May 12)
- Re: netflow analysis stanislav shalunov (May 12)
- Re: netflow analysis Tristan RHODES (May 12)
- Re: netflow analysis Arturo Servin (May 13)
- Re: netflow analysis Pete Hoffswell (May 13)
- Re: netflow analysis David Shettler (May 13)
- Re: netflow analysis David Shettler (May 13)
- Re: netflow analysis Bill Yurcik (May 13)
- Re: netflow analysis Wyman Miles (May 18)