[AusNOG] What tool shows this?
Dobbins, Roland
rdobbins at arbor.net
Sat Feb 15 15:55:37 EST 2014
On Feb 15, 2014, at 11:28 AM, Jimmy <mupperoni at gmail.com> wrote:
> Also what is a good network monitoring tool (open source preferred) that collects netflow data and can easily show a current traffic anomaly e.g. a ddos attack quickly and succinctly?
This one is open source:
<http://www.akmalabs.com/flowmatrix.php>
There's another one I've heard about, but I can't remember its name, and my search-engine-fu is apparently weak.
Most NetFlow anomaly-detection systems are commercial.
[Full disclosure: I work for a vendor of such systems.]
That being said, you can do a lot with something like nfdump/nfsen or SiLK or ntop and a Mark I Eyeball. I strongly recommend investigating and getting some operational experience with open-source NetFlow collection/analysis tools; they may provide all the functionality you need, and if you later decide to investigate commercial solutions, you'll have a solid foundation for evaluating them.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
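
The kind of check the reply above suggests doing by eye with open-source collectors, as an added example that is not part of the original message or of any tool it names: each destination's packet count for the current minute is compared against that destination's own history. The flow tuple layout, the addresses and the 10x threshold are constructed assumptions, not the export format of nfdump, SiLK or ntop.

```python
from collections import defaultdict
from statistics import median

def build_sample():
    """Constructed flow records: (minute, src, dst, packets, bytes)."""
    flows = []
    for minute in range(6):
        # Normal traffic: three clients per minute to each of two servers.
        for i in range(3):
            flows.append((minute, f"198.51.100.{i + 1}", "192.0.2.10", 40, 48000))
            flows.append((minute, f"198.51.100.{i + 1}", "192.0.2.20", 30, 36000))
    # Minute 5: many sources sending small packets to a single server.
    for i in range(200):
        flows.append((5, f"203.0.113.{i + 1}", "192.0.2.10", 500, 30000))
    return flows

def per_destination(flows):
    """Aggregate packet totals and distinct sources per (dst, minute)."""
    packets = defaultdict(int)
    sources = defaultdict(set)
    for minute, src, dst, pkts, _bytes in flows:
        packets[(dst, minute)] += pkts
        sources[(dst, minute)].add(src)
    return packets, sources

def detect(flows, current, factor=10.0):
    """Alert on destinations whose packet count in minute `current` exceeds
    `factor` times the median of their earlier minutes (assumed threshold)."""
    packets, sources = per_destination(flows)
    alerts = []
    for dst in sorted({d for d, _ in packets}):
        history = [packets[(dst, m)] for m in range(current) if (dst, m) in packets]
        if not history:
            continue  # no baseline yet; new destinations need a separate rule
        baseline = max(median(history), 1)  # avoid dividing by zero
        now = packets.get((dst, current), 0)
        if now > factor * baseline:
            alerts.append({"dst": dst, "packets": now, "baseline": baseline,
                           "ratio": round(now / baseline, 1),
                           "sources": len(sources[(dst, current)])})
    return alerts

if __name__ == "__main__":
    for alert in detect(build_sample(), current=5):
        print(alert)
```

Reporting the distinct-source count next to the packet ratio helps separate a distributed flood from a single heavy but legitimate transfer.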