Difference between revisions of «Análisis de tráfico»

From gacq wiki

(17 intermediate revisions by 2 users not shown)

Current revision as of 11:57, 24 Aug 2006

=Tools=
*[[Flowscan]]

=Traffic analysis=
==NetFlow==
Guides and information:
*http://www.gulag.org.mx/doc_netflow.php
*http://www.switch.ch/tf-tant/floma/software.html
*http://www.dynamicnetworks.us/netflow/

==ntop==
*http://www.ntop.org

Set the admin password for the web interface:
<pre><nowiki>
ntop --set-admin-password
</nowiki></pre>

The web interface then listens at http://localhost:3000/

==flowscan==
http://www.caida.org/tools/utilities/flowscan/

Example reports:
*http://mrtg.uv.es/flowscan/
*http://wwwstats.net.wisc.edu/
*http://flowscan.frgp.net/

==flow-tools vs cflowd==
Why use flow-tools instead of cflowd?
*flow-capture preserves the sub-second portion of the NetFlow timestamps that cflowd discards
*flow-tools is easier to build because it is written in portable C. Problems with building cflowd may occur because it requires cutting edge C++ features
*flow-tools is actively maintained, and supports newer NetFlow versions, including those from the popular Cisco Cat6K series platforms

==Traffic analysis on an Ethernet interface of a Debian server==
Source: http://www.prolixium.com/sitenews.php?id=482

Install the packages and create the working directories:
<pre><nowiki>
apt-get install fprobe-ng flow-tools flowscan flowscan-cuflow flowscan-cugrapher rrdtool
mkdir -p /var/lib/netflow/ft
mkdir /var/lib/netflow/rrds
mkdir /var/lib/netflow/scoreboard
</nowiki></pre>

Leave /etc/flow-tools/flow-capture.conf with only this line:
<pre><nowiki>
-w /var/lib/netflow/ft -E 1G -N 0 -n 287 -S 60 -V 5 -z 9 0/0/555
</nowiki></pre>

Restart the service:
<pre><nowiki>
/etc/init.d/flow-capture restart
</nowiki></pre>

Leave /etc/flowscan/flowscan.cf with:
<pre><nowiki>
FlowFileGlob /var/lib/netflow/ft/ft-v05.*
ReportClasses CUFlow
WaitSeconds 30
Verbose 1
</nowiki></pre>

/etc/flowscan/CUFlow.cf
<pre><nowiki>
</nowiki></pre>

The syntax can be seen here: http://www.columbia.edu/acis/networks/advanced/CUFlow/CUFlow.html

===Errors===
Errors when running flowscan:
<pre><nowiki>
2006/07/26 18:12:22 working on file /var/lib/netflow/ft/ft-v05.2006-07-26.174716-0300...
/var/lib/netflow/ft/ft-v05.2006-07-26.174716-0300: Invalid index in cflowd flow file: 0xCF100103! Version 5 flow-export is required with *all* fields being saved.
</nowiki></pre>

This happens with version 0.67-8: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327367

See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=163227;msg=72
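The Debian procedure above is a fixed set of commands and config lines. The script below is an added example (not from the wiki page, nor from the flow-tools or flowscan projects) that recreates that setup under a scratch directory so it can be run offline, then checks the two things worth verifying before flowscan ever reads a file: that flow-capture exports NetFlow v5 (the message under Errors says v5 with all fields is required) and that FlowFileGlob in flowscan.cf points at the directory and ft-v05.* naming that flow-capture actually produces. It also pulls the rejected file names out of a flowscan log, using the two log lines from the Errors section as sample input. ROOT (a scratch root standing in for /), the function names and the "demo" argument are assumptions; the flag values, paths and log lines are the page's own. It does not address the packaging bug in 0.67-8 described under Errors; it only rules out a configuration mismatch first.

```sh
#!/bin/sh
# Added example (not from the wiki page or the flow-tools/flowscan projects):
# recreates the Debian flow-capture + flowscan setup from the page under a
# scratch root so it runs offline, then checks that the two configs agree.
# ROOT and the helper names are assumptions; flag values are the page's own.

ROOT="${ROOT:-$(mktemp -d)}"             # stands in for "/" (assumption; leaves /etc and /var untouched)
FT_DIR="$ROOT/var/lib/netflow/ft"        # where flow-capture writes its ft-v05.* files
CAPTURE_CONF="$ROOT/etc/flow-tools/flow-capture.conf"
FLOWSCAN_CONF="$ROOT/etc/flowscan/flowscan.cf"

# Directory layout from the page: flow files, RRD databases, CUFlow scoreboard.
make_dirs() {
    mkdir -p "$FT_DIR" "$ROOT/var/lib/netflow/rrds" "$ROOT/var/lib/netflow/scoreboard" \
             "$ROOT/etc/flow-tools" "$ROOT/etc/flowscan"
}

# The single flow-capture line from the page:
#   -w workdir    -E 1G  expire oldest files once 1 GB is used
#   -N 0          no date-based subdirectories (flowscan globs one flat directory)
#   -n 287        rotations per day, i.e. a new file every 5 minutes
#   -S 60         status message interval     -V 5  NetFlow v5 PDUs
#   -z 9          zlib compression level      0/0/555  any local ip / any exporter / UDP port 555
write_flow_capture_conf() {
    make_dirs
    printf '%s\n' "-w $FT_DIR -E 1G -N 0 -n 287 -S 60 -V 5 -z 9 0/0/555" > "$CAPTURE_CONF"
}

# flowscan.cf from the page. FlowFileGlob must point at the same directory and
# file version that flow-capture produces, or flowscan never sees a file.
write_flowscan_cf() {
    make_dirs
    cat > "$FLOWSCAN_CONF" <<EOF
FlowFileGlob $FT_DIR/ft-v05.*
ReportClasses CUFlow
WaitSeconds 30
Verbose 1
EOF
}

# capture_opt FLAG FILE: print the value that follows FLAG on the flow-capture line.
capture_opt() {
    awk -v flag="$1" '{ for (i = 1; i < NF; i++) if ($i == flag) print $(i + 1) }' "$2"
}

# Return 0 when flow-capture and flowscan agree: v5 export, and a FlowFileGlob
# matching flow-capture's naming (ft-v05.<timestamp>, as seen in the page's log).
check_consistency() {
    ver=$(capture_opt -V "$CAPTURE_CONF")
    dir=$(capture_opt -w "$CAPTURE_CONF")
    glob=$(awk '$1 == "FlowFileGlob" { print $2 }' "$FLOWSCAN_CONF")
    expected="$dir/ft-v0$ver.*"
    [ "$ver" = "5" ] || { echo "flowscan needs NetFlow v5 export, flow-capture has -V $ver" >&2; return 1; }
    [ "$glob" = "$expected" ] || { echo "FlowFileGlob '$glob' does not match '$expected'" >&2; return 1; }
    [ -d "$dir" ] || { echo "flow directory $dir does not exist" >&2; return 1; }
    return 0
}

# failed_flow_files LOGFILE: list the flow files flowscan rejected with the
# "Invalid index in cflowd flow file" error shown in the Errors section.
failed_flow_files() {
    awk -F': ' '/Invalid index in cflowd flow file/ { print $1 }' "$1"
}

# Writes a sample log made of the two lines quoted on the page and prints its path.
write_sample_log() {
    log="$ROOT/flowscan.log"
    printf '%s\n' \
      "2006/07/26 18:12:22 working on file /var/lib/netflow/ft/ft-v05.2006-07-26.174716-0300..." \
      "/var/lib/netflow/ft/ft-v05.2006-07-26.174716-0300: Invalid index in cflowd flow file: 0xCF100103! Version 5 flow-export is required with *all* fields being saved." \
      > "$log"
    echo "$log"
}

# Run "sh netflow-check.sh demo" (file name is an assumption) to set everything
# up under $ROOT, run the consistency check and list rejected flow files.
if [ "${1:-}" = "demo" ]; then
    write_flow_capture_conf
    write_flowscan_cf
    check_consistency && echo "flow-capture and flowscan configs agree under $ROOT"
    echo "files rejected by flowscan:"
    failed_flow_files "$(write_sample_log)"
fi
```

To use the check against a real host, set ROOT to / (or leave the variables pointing at the real /etc and /var paths) and call check_consistency after editing the two files but before restarting flow-capture; the function exits non-zero and prints which of the two files disagrees.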
=Others=