Difference between revisions of «Análisis de tráfico» (Traffic analysis)

From gacq wiki
 
Línea 11: Línea 11:
 
*http://flowscan.frgp.net/
 
*http://flowscan.frgp.net/
  
===fprobe y flowscan===
+
==flow-tools vs cflowd==
 +
Why use flow-tools instead of cflowd?
 +
*flow-capture preserves the sub-second portion of the NetFlow timestamps that cflowd discards
 +
*flow-tools is easier to build because it is written in portable C. Problems with building cflowd may occur because it requires cutting edge C++ features
 +
*flow-tools is actively maintained, and supports newer NetFlow versions, including those from the popular Cisco Cat6K series platforms
 +
 
 +
=== Analisis del trafico por una interface ethernet en un servidor debian ===
 
Para el analisis de trafico hay que ver todo lo que pasa por la interface con: fprobe-ng
 
Para el analisis de trafico hay que ver todo lo que pasa por la interface con: fprobe-ng
 
Esta información es capturada por: flow-tools  
 
Esta información es capturada por: flow-tools  
 
<pre><nowiki>
 
<pre><nowiki>
 
apt-get install fprobe-ng flow-tools
 
apt-get install fprobe-ng flow-tools
vi /etc/flow-tools/flow-capture.conf
 
 
</nowiki></pre>
 
</nowiki></pre>
  
==flow-tools vs cflowd==
 
Why use flow-tools instead of cflowd?
 
*flow-capture preserves the sub-second portion of the NetFlow timestamps that cflowd discards
 
*flow-tools is easier to build because it is written in portable C. Problems with building cflowd may occur because it requires cutting edge C++ features
 
*flow-tools is actively maintained, and supports newer NetFlow versions, including those from the popular Cisco Cat6K series platforms
 
  
flow-tools only required a small change to FlowScan:
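Review bot: In the install block, `vi /etc/flow-tools/flow-capture.conf` appears on only one side of the diff, and the revision shown below keeps only `apt-get install fprobe-ng flow-tools`, so the page no longer says that flow-capture needs configuring after installation. Suggest keeping the step and stating what the file must contain for flow-capture to receive what fprobe-ng exports. The same applies to "flow-tools only required a small change to FlowScan:", which ends in a colon with the change itself missing; either include the change or drop the sentence.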
 
  
  

Revision as of 17:39, 26 Jul 2006

Traffic analysis

NetFlow

Information

flowscan

http://www.caida.org/tools/utilities/flowscan/ Example reports:

flow-tools vs cflowd

Why use flow-tools instead of cflowd?

  • flow-capture preserves the sub-second portion of the NetFlow timestamps that cflowd discards
  • flow-tools is easier to build because it is written in portable C. Problems with building cflowd may occur because it requires cutting edge C++ features
  • flow-tools is actively maintained, and supports newer NetFlow versions, including those from the popular Cisco Cat6K series platforms
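The sub-second point in the first bullet, as an added example (not code from this wiki, flow-tools or cflowd): it parses a NetFlow v5 export packet, derives each flow's start and end in milliseconds from the header's `unix_secs`/`unix_nsecs`/`SysUptime` and the record's `First`/`Last` fields, and shows what is left once the sub-second portion is dropped. The packet bytes are constructed sample data and the function names are hypothetical.

```python
import struct

# NetFlow v5 wire layout, network byte order: 24-byte header, 48-byte record.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def flow_times(packet):
    """Return (start_ms, end_ms) since the epoch for each flow in a v5 packet."""
    version, count, sys_uptime, unix_secs, unix_nsecs, *_ = HEADER.unpack_from(packet)
    if version != 5:
        raise ValueError("not a NetFlow v5 export packet")
    if len(packet) < HEADER.size + count * RECORD.size:
        raise ValueError("packet shorter than its record count implies")
    # Export time in ms; the exporter booted sys_uptime ms before that.
    boot_ms = unix_secs * 1000 + unix_nsecs // 1_000_000 - sys_uptime
    times = []
    for i in range(count):
        fields = RECORD.unpack_from(packet, HEADER.size + i * RECORD.size)
        first, last = fields[7], fields[8]  # SysUptime (ms) at first/last packet
        times.append((boot_ms + first, boot_ms + last))
    return times


def whole_seconds(times):
    """What remains when the sub-second portion is discarded."""
    return [(start // 1000, end // 1000) for start, end in times]


def build_sample():
    """Constructed packet: two short flows exported at uptime 600 s."""
    header = HEADER.pack(5, 2, 600_000, 1_153_935_540, 250_000_000, 0, 0, 0, 0)

    def record(first, last):
        return RECORD.pack(bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), bytes(4),
                           1, 2, 10, 840, first, last, 40000, 80,
                           0, 0x1B, 6, 0, 0, 0, 24, 24, 0)

    return header + record(599_100, 599_400) + record(599_450, 599_700)


if __name__ == "__main__":
    precise = flow_times(build_sample())
    for (start, end), (s, e) in zip(precise, whole_seconds(precise)):
        print(f"ms: {start}..{end} ({end - start} ms)   s: {s}..{e} ({e - s} s)")
```

With whole seconds only, both sample flows collapse to the same start and end value, so their order, their 300 ms and 250 ms durations and the 50 ms gap between them can no longer be recovered when building a timeline.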

Traffic analysis on an Ethernet interface of a Debian server

To analyze the traffic, everything that passes through the interface has to be observed with: fprobe-ng. This information is captured by: flow-tools

apt-get install fprobe-ng flow-tools



Other