Analisis de trafico

NetFlow

Informacion

• http://www.switch.ch/tf-tant/floma/software.html

flowscan

http://www.caida.org/tools/utilities/flowscan/ Reportes de ejemplo:

• http://mrtg.uv.es/flowscan/
• http://wwwstats.net.wisc.edu/
• http://flowscan.frgp.net/

fprobe y flowscan

Para el analisis de trafico hay que ver todo lo que pasa por la interface con: fprobe-ng Esta información es capturada por: flow-tools

apt-get install fprobe-ng flow-tools
vi /etc/flow-tools/flow-capture.conf

flow-tools vs cflowd

Why use flow-tools instead of cflowd?

• flow-capture preserves the sub-second portion of the NetFlow timestamps that cflowd discards
• flow-tools is easier to build because it is written in portable C. Problems with building cflowd may occur because it requires cutting edge C++ features
• flow-tools is actively maintained, and supports newer NetFlow versions, including those from the popular Cisco Cat6K series platforms

flow-tools only required a small change to FlowScan:

Otros

• potion
• Howto: Performance Benchmarks a Web server