[AusNOG] Best Open-Source Flow analyzer tools

Matthew Moyle-Croft mmc at internode.com.au
Tue Dec 14 10:10:30 EST 2010


For peering flow analysis I ended up writing my own.   I'm dealing with sampled (upto 1in100) which then needs careful messing around with to figure out actual throughput and ensuring you know what's actually your IP space etc.  I throw away everything but AS level aggregates and turn that into a mbps number by looking at interface throughput.  Because it's lossy (sampled) I don't much care about not keeping up with packets.    Nothing else that I've seen quite deals with this need. 

MMC

On 13/12/2010, at 4:28 PM, David Hughes wrote:

> 
> On 13/12/2010, at 3:02 PM, Dobbins, Roland wrote:
> 
>> Flowscan is ancient; nfdump/nfsen should be viewed as its successor.
> 
> nfdump works well, as does flow-tools.  Luckily some guys picked up the old flow-tools code base from splintered.net and have been working on it.  New releases are available at
> 
> 	http://code.google.com/p/flow-tools/
> 
> It offers a good path forward for anyone that built tools around flow-tools and felt a little empty when Mark Fullmer moved on to other things.  I'm using nfdump myself these days but there's certainly a lot of flow-tools installations out there (including some I was responsible for :)
> 
> 
> David
> 





More information about the AusNOG mailing list