Snort mailing list archives

FW: NetFlow output plugin?


From: "Mayers, Philip J" <p.mayers () ic ac uk>
Date: Fri, 11 May 2001 14:09:59 +0100


Here's a list (no particular order) of the tools I've been looking at:

EHNT: http://sourceforge.net/projects/ehnt/

The Caida tools are good: http://www.caida.org/tools/measurement/cflowd/

Netramet: http://www2.auckland.ac.nz/net/Accounting/ntm.Release.note.html

Flowc: http://www.univ.kiev.ua/~roman/soft/flowc/

Cisco have some stuff: http://www.cisco.com/warp/public/732/netflow/

Flowscan: http://net.doit.wisc.edu/~plonka/FlowScan/

Freeside is a total billing system: http://www.sisd.com/freeside/

Some random stuff:

http://www.tsh.or.id/netflow.shtml
http://www.switch.ch/tf-tant/floma/software.html

For those of you with Extreme switches in your network, I've been hearing
rumbles that the next release of the firmware will support flow-export (like
Cisco's).

Regards,
Phil

+----------------------------------+
| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |
+----------------------------------+  

-----Original Message-----
From: Chris Schuler [mailto:cschuler () mindleaders com]
Sent: 11 May 2001 13:54
To: 'p.mayers () ic ac uk'
Subject: [Snort-users] NetFlow output plugin?


My managers are the same way, but I'm getting ready to start my research on
what tools analyze the data.  Your email sounded like you knew of a few
tools that worked w/ netflow data... could you take a min and list a few for
me to look into?

All,

We're successfully sniffing out 100Mb connection (and getting good data too)
with Snort 1.7 - congratulations to all for a great product. In case
anyone's interested, we're sniffing 7k packets/sec (30Mbits) on a 256Mb
PIII800 (Compaq DL380) at about 15-20% CPU usage. We're going to try a
64-bit PCI gigabit card at some point, hopefully before we move to a Gigabit
connection (eek!).

Anyway, my managers like pretty graphs so I've been investigating the
possibility of writing a preprocessor that will do things like top-N hosts
and bucket-sorting based on packet size/subnet/port number/etc. The thought
occurred to me that the best way to do this would be to have Snort generate
Cisco NetFlow stats and use some of the many tools available to pull that
data out. Has anyone thought about that, or should I give it a look?

Regards,
Phil

+----------------------------------+
| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |
+----------------------------------+

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
<http://lists.sourceforge.net/lists/listinfo/snort-users>
Snort-users list archive:
<http://www.geocrawler.com/redir-sf.php3?list=snort-users>



