Educause Security Discussion mailing list archives
Re: Netflow Analysis Software
From: Justin Azoff <JAzoff () UAMAIL ALBANY EDU>
Date: Wed, 4 May 2011 13:52:56 -0400
On Wed, May 04, 2011 at 10:40:28AM -0400, Kevin Wilcox wrote:
> What are you looking to accomplish? Flow data is, at its heart, extremely simple - two IPs, two ports, two timestamps, some flags and some counters.
That reminds me of a problem we have been having lately. Many applications these days are HTTP-based and hit CDNs and big virtual hosting providers. Netflow <= v9 isn't very useful at reporting on this sort of thing. We try to combine netflow with passive DNS data, but that isn't perfect.

I've been looking at v10/IPFIX which apparently supports other fields like HTTP_URL. This blog post mentions one of the example use cases: http://www.plixer.com/blog/scrutinizer/monitor-netflix-traffic-using-netflow-reporting/ but there don't seem to be as many open tools for working with this data yet.

Is anyone actively using IPFIX now?

--
-- Justin Azoff
-- Network Security & Performance Analyst
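The netflow plus passive DNS correlation mentioned in the message above, as an added sketch that is not part of the original post or anyone's production tooling. The record layouts, the 300-second window, and the assumption that the DNS sensor sees the querying client's IP are all hypothetical; the sample data is constructed.

```python
from collections import defaultdict

# Constructed passive DNS observations: (ts, client_ip, qname, answer_ip).
# Assumes the sensor sits where it can see the querying client.
PDNS = [
    (100, "10.0.0.5", "video.example.net", "203.0.113.10"),
    (105, "10.0.0.5", "ads.example.org", "203.0.113.10"),  # same CDN address
    (110, "10.0.0.7", "updates.example.com", "198.51.100.20"),
]

# Constructed flow records: (start_ts, src_ip, dst_ip, dst_port, bytes).
FLOWS = [
    (112, "10.0.0.7", "198.51.100.20", 80, 52_000),
    (120, "10.0.0.5", "203.0.113.10", 80, 9_800_000),
    (130, "10.0.0.9", "203.0.113.10", 443, 4_000),  # no DNS query observed
    (900, "10.0.0.7", "198.51.100.20", 80, 1_000),  # DNS answer too old
]

WINDOW = 300  # seconds a DNS answer is treated as relevant (assumed value)


def build_index(pdns):
    """Index DNS answers by (client, answer_ip) for per-flow lookup."""
    idx = defaultdict(list)
    for ts, client, qname, answer in pdns:
        idx[(client, answer)].append((ts, qname))
    return idx


def label_flow(flow, idx, window=WINDOW):
    """Return (status, names) for one flow.

    resolved:  exactly one name was looked up by this client for this
               destination within the window before the flow started.
    ambiguous: several names map to the same address (shared CDN or
               virtual host), so the flow cannot be attributed to one.
    unknown:   no usable DNS observation (cached, stale, or not seen).
    """
    start, src, dst, _port, _nbytes = flow
    names = sorted({q for ts, q in idx.get((src, dst), [])
                    if 0 <= start - ts <= window})
    if not names:
        return ("unknown", names)
    return ("resolved" if len(names) == 1 else "ambiguous", names)


def label_all(flows=FLOWS, pdns=PDNS):
    idx = build_index(pdns)
    return [label_flow(f, idx) for f in flows]


if __name__ == "__main__":
    for flow, (status, names) in zip(FLOWS, label_all()):
        print(flow, status, names)
```

The "ambiguous" and "unknown" rows are the cases where this kind of join falls short on CDN and shared-hosting traffic, which is the gap a per-flow application field such as an exported URL or hostname would fill.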