Educause Security Discussion mailing list archives

Re: netflow analysis

From: David Shettler <dshettle () HOLYCROSS EDU>
Date: Fri, 13 May 2005 11:04:57 -0400

I've fooled around with ntop for netflow, but haven't really been
"satisfied".  Search functionality is what I'm aching for and I haven't
really been able to be happy with ntop in that regard.  While I want
trending stuff, I also want information from a forensics perspective.  I
use ntop a lot for on-the-fly stuff though.  Maybe I've miissed
something in ntop though in this regard, I'll have to relook it.

David C. Shettler - GCFA
Senior Technical Services Engineer
College of the Holy Cross
508-793-3073

Pete.Hoffswell () DAVENPORT EDU 05/13/05 7:46 AM >>>

Those look really nice, Tristan.  I might have to try this stuff out.

We have an installation of ntop

http://www.ntop.org/ntop.html




Pete Hoffswell                              616-732-1101 (Grand Rapids,
x1101)
University LAN/WAN Coordinator              616-510-1198 (Mobile)
IT Services                                 pete.hoffswell () davenport edu
Davenport University                        http://www.davenport.edu

Davenport University.  it's working.

TristanRhodes () WEBER EDU 5/12/2005 6:17 PM >>>


http://nfsen.sourceforge.net

http://nfdump.sourceforge.net

These projects go together (front-end and backend).  They are fairly
new projects, but they are actively developed.  I am looking into
testing these applications on our network.

Tristan Rhodes
Weber State University

dshettle () HOLYCROSS EDU wrote on 05/12/05 3:15 PM:

Hello,

I'm curious as to how people are handling their netflow data.  We're
thinking about putting it into a DB and designing our own interface

for

it.  I haven't found any decent analysis tools (web based with

search

functionality specifically).  Any recommendations?  A good deal of

tools

out there seem to no longer be maintained.

Appreciate any advice!

David C. Shettler - GCFA
Senior Technical Services Engineer
College of the Holy Cross
508-793-3073


**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.



**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

netflow analysis David Shettler (May 12)
- <Possible follow-ups>
- Re: netflow analysis Stephen Bernard (May 12)
- Re: netflow analysis Wyman Miles (May 12)
- Re: netflow analysis stanislav shalunov (May 12)
- Re: netflow analysis Tristan RHODES (May 12)
- Re: netflow analysis Arturo Servin (May 13)
- Re: netflow analysis Pete Hoffswell (May 13)
- Re: netflow analysis David Shettler (May 13)
- Re: netflow analysis David Shettler (May 13)
- Re: netflow analysis Bill Yurcik (May 13)
- Re: netflow analysis Wyman Miles (May 18)