Difference between revisions of «Traffic analysis»
From gacq wiki
Línea 21: | Línea 21: | ||
Esta información es capturada por: flow-tools | Esta información es capturada por: flow-tools | ||
<pre><nowiki> | <pre><nowiki> | ||
− | apt-get install fprobe-ng flow-tools | + | apt-get install fprobe-ng flow-tools flowscan flowscan-cuflow flowscan-cugrapher |
</nowiki></pre> | </nowiki></pre> | ||
+ | |||
+ | |||
+ | |||
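Review bot: The changed install line now pulls in flowscan, flowscan-cuflow and flowscan-cugrapher, but the sentence introducing it ("Esta información es capturada por: flow-tools") still names only flow-tools, so a reader cannot tell what the three new packages are for; add a line before the <pre> block stating their role. The three empty lines added after </nowiki></pre> carry no content and can be dropped from the revision.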
Revision as of 17:41, 26 Jul 2006
Traffic analysis
NetFlow
Information
flowscan
http://www.caida.org/tools/utilities/flowscan/
Sample reports:
flow-tools vs cflowd
Why use flow-tools instead of cflowd?
- flow-capture preserves the sub-second portion of the NetFlow timestamps that cflowd discards
- flow-tools is easier to build because it is written in portable C. Problems with building cflowd may occur because it requires cutting edge C++ features
- flow-tools is actively maintained, and supports newer NetFlow versions, including those from the popular Cisco Cat6K series platforms
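The sub-second point in the first item comes from the NetFlow v5 export header, which carries both a seconds field and a nanoseconds field. The decoder below is an added example, not code from this wiki page or from flow-tools; the sample datagram is constructed and its addresses come from documentation ranges.

```python
import ipaddress
import struct
from datetime import datetime, timedelta, timezone

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes

def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into flows with absolute start/end times."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime_ms, secs, nsecs, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    # Exporter wall clock at export time: whole seconds plus the sub-second part.
    export = datetime.fromtimestamp(secs, timezone.utc) + timedelta(microseconds=nsecs // 1000)
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # First/Last are sysUptime values in ms; the mask handles 32-bit wraparound.
        age_first = (uptime_ms - f[7]) & 0xFFFFFFFF
        age_last = (uptime_ms - f[8]) & 0xFFFFFFFF
        flows.append({
            "src": str(ipaddress.ip_address(f[0])), "dst": str(ipaddress.ip_address(f[1])),
            "sport": f[9], "dport": f[10], "proto": f[13], "octets": f[6],
            "start": export - timedelta(milliseconds=age_first),
            "end": export - timedelta(milliseconds=age_last),
        })
    return flows

def _record(src, dst, first, last):
    """Build a constructed flow record (TCP, port 40000 -> 443)."""
    ip = lambda a: ipaddress.ip_address(a).packed
    return RECORD.pack(ip(src), ip(dst), bytes(4), 1, 2, 10, 1200, first, last,
                       40000, 443, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)

# Constructed sample: two flows that start within the same wall-clock second.
SAMPLE = (HEADER.pack(5, 2, 3_600_000, 1153935660, 250_000_000, 0, 0, 0, 0)
          + _record("192.0.2.10", "198.51.100.5", 3_599_100, 3_599_900)
          + _record("192.0.2.11", "198.51.100.5", 3_599_400, 3_599_950))

if __name__ == "__main__":
    for flow in parse_v5(SAMPLE):
        # Full-resolution start time next to the same value truncated to whole seconds.
        print(flow["src"], flow["start"].isoformat(), flow["start"].replace(microsecond=0).isoformat())
```

With the sub-second part dropped, both sample flows get the same start time and can no longer be ordered, which matters when correlating flows with other logs during an investigation.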
Analyzing traffic on an Ethernet interface of a Debian server
To analyze traffic, everything passing through the interface has to be observed with: fprobe-ng. This information is captured by: flow-tools
apt-get install fprobe-ng flow-tools flowscan flowscan-cuflow flowscan-cugrapher