Re: netflow

["Truong, Joseph" <Joseph.Truong () UCSFMEDCTR ORG>]

We use the Cisco  Mars that has a good historical data and trends  in getting the info from netflow.   Very helpful to 
track top talkers and query for any types of information needed in regards to network traffic.
We use daily and it's a great tool in helping us to detect attacks and viruses on the network.

Joseph Truong
Senior Network Engineer & Security Analyst
UCSF Medical Center
Enterprise Information Technology Services
Tel: 415-353-4599 Office
Tel: 415-717-4846 Cell
Email: Joseph.truong () ucsfmedctr org<mailto:Joseph.truong () ucsfmedctr org>


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Peter 
Charbonneau
Sent: Tuesday, March 31, 2009 9:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] netflow

Jason,

  I would be interested to read what answers you get.  Would you summarize to the list?

p

On Mar 31, 2009, at 11:50 AM, Youngquist, Jason R. wrote:


I was wondering if anyone uses any free/Open Source netflow products to capture netflow information.  We currently have 
a commercial product which captures netflows and has Network Behavioral Anomaly Detection (NBAD) capability, but I'm 
looking at alternatives.  We are already using MRTG (and Cacti) to get bandwidth information, so I'm looking for 
netflow tools that have the capability to dig deeper into the flow data, ie. to zoom into a traffic spike and determine 
the "top talker(s)" for the particular time period, the port, destination IP, etc.

Please email me directly if you use a neflow application (Open Source or commercial) which has good analysis capability.



Thanks.
Jason Youngquist
jryoungquist () ccis edu<mailto:jryoungquist () ccis edu>



PeteC


Peter Charbonneau
Sr. Network and Systems Administrator
Williams College
(413) 597-3408 (office)
(413) 822-2922 (cell)
OIT will NEVER ask for your password!