[AusNOG] Best Open-Source Flow analyzer tools

Sean K. Finn sean.finn at ozservers.com.au
Mon Dec 13 15:52:07 EST 2010


Hi Shaun,

I have used Manage Engine before, both free and paid, and am not too impressed with the speed of it; it's just too sluggish and is based on JAVA too.

It eventually comes up with some nice flows but I need something a little more robust that won't go into a 45 minute death spiral when a dataset gets too large.

PMACCT is awesome for sniffing and generating / aggregating / exporting flows.

I have been looking at PMACCT recently and it looks like it can export NetFlow v9, which categorises IPv6 traffic and MPLS traffic as well as boring old IPv4.
Being able to use it as the reflector to tag AS's into the path information is kind of vital for a third party collector, and so far it is the only flow-sniffer / generator / exporter that isn't based on the equipment where the flows are traversing to generate the flow info.

Step 1 in a ghetto flow exporter in my mind is definitely PMACCT, but then where to export the info to, and how to visualise it, is the next hard part.

I have the choice to code something myself for the flows, but then I realised I'd rather be fishing, so am looking to rig something up as the viewer side of things.

Command line is great and all but I'm getting older and smarter (lazier) and realise that looking at fast moving and self updating graphs is easier than frantically typing lots of stuff. (And looks great on a feature wall).

After a link from another punter off-list, I followed through with some googling and came up with

http://www.networkuptime.com/tools/netflow/index.html

as a few freebie tools. Not all are open source though.

Flowscan looks like it might do the trick, but might need some updating to display the RRDs a little nicer.
http://www.networkuptime.com/tools/netflow/flowscan.html

S.


From: Shaun Deans :: Kadeo [mailto:shaun at kadeo.com.au]
Sent: Monday, 13 December 2010 2:09 PM
To: Sean K. Finn; 'ausnog (ausnog at ausnog.net)'
Subject: RE: Best Open-Source Flow analyzer tools


Sean.

I have been meaning to cook something up using pmacct <http://www.pmacct.net/> for a long time, but never seem to get there.
This package exposes a [s/net]flow daemon which can aggregate flows via various metrics.
It also has an option to create a BGP "Route Reflector" setup to work out BGP next hops etc.
The only issue is that you get out of this what you put into it because it's all based on custom configs and GUIs / queries.
There are some frontends available.


As for the professional tool, you can't go past the Manage Engine Netflow Analyser <http://www.manageengine.com/products/netflow/index1.html>; they have a free version that allows you to graph to interfaces.
It's quite interesting to throw on an interface for a week and then watch the trends that develop.

Cheers

Shaun



From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Sean K. Finn
Sent: Monday, 13 December 2010 1:42 PM
To: 'ausnog (ausnog at ausnog.net)'
Subject: [AusNOG] Best Open-Source Flow analyzer tools

Hi AusNOG.

I'm looking for recommendations on the best open-source GUI-based visualisation tools for flows.

Currently I'm using a paid-for Solar-Winds Flow-viewer that hangs off a MySQL Database, but runs Java as the web server / portal software. I think the current revision is called http://www.solarwinds.com/products/orion/nta/

It keeps getting clunky, and I keep throwing more hardware at it, but JAVA is just a pig.
I'm looking for alternatives because I really hate running Java.

My question to the list is, what Open-Source alternatives are out there, and are there any good ones that people have used and can recommend?

I currently use the flow visualiser for dissection of network events after-the-fact, because it's clunky and slow and takes a little while to sift through the information.

For live events I have text-based tools that give 1 second resolution and instant feedback on what's happening *now*.

If there are web based or GUI tools out there that can run real-time, then great, but I'm really after something to show aggregate flows based on protocols by time of day, etc, all the nice stuff, basically to help traffic profile and dissect events to understand them better.

Any recommendations?
If there are better paid-for ones out there, let's hear it, too.

Thanks.

Sean.
(Feel free to reply on list and discuss / dissect).