[AusNOG] Best Open-Source Flow analyzer tools
Trent Lloyd
lathiat at bur.st
Mon Dec 13 17:10:52 EST 2010
All,
On 13/12/2010, at 1:58 PM, David Hughes wrote:
>
> On 13/12/2010, at 3:02 PM, Dobbins, Roland wrote:
>
>> Flowscan is ancient; nfdump/nfsen should be viewed as its successor.
>
> nfdump works well, as does flow-tools. Luckily some guys picked up the old flow-tools code base from splintered.net and have been working on it. New releases are available at
>
> http://code.google.com/p/flow-tools/
>
> It offers a good path forward for anyone that built tools around flow-tools and felt a little empty when Mark Fullmer moved on to other things. I'm using nfdump myself these days but there's certainly a lot of flow-tools installations out there (including some I was responsible for :)
My old netflow systems used flow-tools; I am now using nfdump since it supports v9 and IPv6 and also will summarise data for me in a nice C process, rather than my flow-tools job which did it entirely in SQL and was a little slow for various reasons including lack of indexing for subnet calculations.

Unfortunately neither of those does graphical stuff. nfsen is an add-on for nfdump which does, and ntop can also take netflow and do some useful things with it.
Regards,
Trent