[AusNOG] Best Open-Source Flow analyzer tools
Matthew Moyle-Croft
mmc at internode.com.au
Tue Dec 14 10:10:30 EST 2010
For peering flow analysis I ended up writing my own. I'm dealing with sampled (upto 1in100) which then needs careful messing around with to figure out actual throughput and ensuring you know what's actually your IP space etc. I throw away everything but AS level aggregates and turn that into a mbps number by looking at interface throughput. Because it's lossy (sampled) I don't much care about not keeping up with packets. Nothing else that I've seen quite deals with this need.
MMC
On 13/12/2010, at 4:28 PM, David Hughes wrote:
>
> On 13/12/2010, at 3:02 PM, Dobbins, Roland wrote:
>
>> Flowscan is ancient; nfdump/nfsen should be viewed as its successor.
>
> nfdump works well, as does flow-tools. Luckily some guys picked up the old flow-tools code base from splintered.net and have been working on it. New releases are available at
>
> http://code.google.com/p/flow-tools/
>
> It offers a good path forward for anyone that built tools around flow-tools and felt a little empty when Mark Fullmer moved on to other things. I'm using nfdump myself these days but there's certainly a lot of flow-tools installations out there (including some I was responsible for :)
>
>
> David
>
More information about the AusNOG
mailing list