Network Security
Re: netflow
- From: Paul Howell
- Date: Tue Sep 26 07:14:12 2000
Jim Cotton writes:
>
> What tools are you using to capture and analyze the data?
The CAIDA/cflowd tools work pretty nice if you want to do traffic
characterization.
http://www.caida.org/tools/measurement/cflowd/
There is a one-off from cflowd available at
http://net.doit.wisc.edu/~plonka/FlowScan/
which also does a nice job of general purpose characterization.
Knowing more about one's traffic would allow you to spot flood-DoS attacks.
But it depends on what your purpose is as to what you'd use to analyze
A more security-oriented netflow analysis package is at Ohio State
ftp://ftp.net.ohio-state.edu/users/maf/cisco/flow-tools.tar.gz
> Have you seen any instability in routers running netflow?
Not really. The routers have to be operating normally for them to export
netflow data. Clearly when a router stops exporting flows, you might
conclude that there is a problem. I suppose if a downstream router failed,
and traffic fell over to another route, you could see that thru netflow.
< paul