For When You Can't Have The Real Thing

NetFlows: Purpose

We have an ethernet connection to the rest of the world. It is difficult to see what is using the connection at any given time, and currently impossible to see who has been using it over time.

The connection to the rest of the world is on a managed switch that can mirror traffic from one port to another; this lets us connect a computer to the second port and watch all the traffic on the wire. At up to 100Mb/s the traffic is too fast to monitor with the python libpcap interface (packets get dropped even when you are only counting them, never mind processing them). So I hit on the Net Flows technology.

Right now I have a single computer doing the listening. It uses fprobe to listen to the traffic and generate the flows, and flow-tools (specifically flow-capture) to capture the generated flows and write them to disk.

Now I'm writing a perl script using Cflow to interpret the data.

The goal is to present the data in a format that cacti can interpret, saving me the trouble of having to write my own presentation layer.
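The interpretation step described above (flows in, per-host usage out, in a form cacti can read), as an added example and not the page's own perl/Cflow script. It uses constructed flow records whose fields mirror what Cflow exposes, and assumes a hypothetical local network 192.0.2.0/24 so that "who has been using the connection" can be attributed to local hosts.

```python
"""Aggregate NetFlow-style records into per-host byte counts and emit one
cacti-style 'field:value' line. Added example, not the page's own script."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed local network; anything outside it is "the rest of the world".
LOCAL_NET = ip_network("192.0.2.0/24")

# Constructed flow records: (srcaddr, dstaddr, bytes, startime, endtime),
# times as unix seconds, as flow-capture would have recorded them.
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 1500, 1000, 1010),
    ("198.51.100.5", "192.0.2.10", 900000, 1000, 1012),
    ("192.0.2.20", "203.0.113.7", 20000, 1005, 1020),
    ("192.0.2.10", "203.0.113.7", 4000, 1100, 1105),    # outside window
    ("198.51.100.9", "203.0.113.7", 5000, 1001, 1002),  # not a local host
]

def aggregate(flows, window_start, window_end):
    """Sum bytes in and out per local host for flows starting in the window."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for src, dst, nbytes, start, _end in flows:
        if not (window_start <= start < window_end):
            continue
        if ip_address(src) in LOCAL_NET:
            totals[src]["out"] += nbytes
        if ip_address(dst) in LOCAL_NET:
            totals[dst]["in"] += nbytes
    return dict(totals)

def cacti_line(totals):
    """Format as space-separated 'name:value' pairs, the shape cacti's
    script data-input method reads; names are kept to letters, digits
    and underscores so the address dots cannot be confused with the
    field separator."""
    fields = []
    for host in sorted(totals):
        key = host.replace(".", "_")
        fields.append(f"{key}_in:{totals[host]['in']}")
        fields.append(f"{key}_out:{totals[host]['out']}")
    return " ".join(fields)

if __name__ == "__main__":
    # One polling interval of 60 seconds starting at t=1000.
    print(cacti_line(aggregate(SAMPLE_FLOWS, 1000, 1060)))
```

Flows that neither start nor end on a local address (transit seen on the mirror port) are ignored rather than attributed to anyone, and a flow that starts outside the polling window is left for the interval it belongs to.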


Progress 'Blog

  • 2007-10-31
  • 2007-11-06
  • 2007-11-08
  • 2007-11-09
  • 2007-11-12
  • 2007-11-13
  • 2007-11-16
  • 2007-11-20
  • 2007-11-21
  • 2007-12-18
  • 2007-12-21
  • 2008-02-26
  • 2008-03-26
  • 2009-02-24
  • 2009-03-04
  • 2009-04-20
  • 2009-04-23
  • 2009-05-06
  • 2009-05-07
This is a collection of technical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.
