October 2, 2007

Network Security and Netflow

A couple things I'd like to mention in this post...First off, I just finished looking through End-to-End Network Security from Cisco Press...Very nice. If you've ever wanted to get into network security, this is a great starting point. It talks about major areas of network security to address and the tools you can use to do it.

So that brings me to my second thought...Someone talk to me about Netflow. Netflow is one of the tools this book mentions that you can use to analyze your network traffic. In its basic form, Netflow tracks all the "flows" (aka traffic) going through your router. You can categorize it per-application and even get down to a per-user level (so you can finally figure out who is killing the Internet connection with their peer-to-peer traffic). Every time I want to get into the Netflow world, I seem to get lost in a land of build-your-own linux applications or extremely expensive Windows applications. Is there someone out there who knows of a good, free/cheap, easy to use Windows application that can take the Netflow data and put it into a web page format (much like MRTG/PRTG)? This seems like too cool of a tool to pass up.

As a side-note, it looks like Aaron has gone into the development shop on Netflow...MAN I wish I could do that. Cursed linux people :).

Posted by JC at October 2, 2007 4:24 PM

Comments

Hi,

It has been some time since I used this software:

http://manageengine.adventnet.com/products/netflow/cisco-netflow.html

It is Windows-based and it's free to use for 2 interfaces.

Hope that this will help you!


Posted by: Lucian at October 2, 2007 5:03 PM

You should learn unix (or linux) since your favorite brand of routers are based on unix.

Try Fedora or Ubuntu. You have all the cool stuff like a tftp server, a syslog server, etc.

Posted by: Joe at October 2, 2007 8:09 PM

Seriously, learn Linux ;) Fedora comes with flow-tools which provides the collector and tools. Flow-scan is a good tool to interpret the data, and I've been working on writing a peering analysis tool at http://taind.sourceforge.net/

Sean

Posted by: Sean at October 3, 2007 5:44 AM

I have used solarwinds, manageengine for netflow analysis and Crannog-Software's (bought by Fluke) Netflow Tracker is the best I have seen.

The interface is so intuitive and really easy to use, I believe that the eval version works for 30 days.

Posted by: Mark at October 3, 2007 6:34 AM

I'd love to learn Linux/Unix...it's just one of those things where I get bogged down with useless junk...like finding a network card driver and ensuring IRQ ports are configured correctly. Ugh.

Thanks for the links above! I'll check them out.

Posted by: JC at October 3, 2007 8:08 AM

Here's an article on NetFlow from TechRepublic:

http://blogs.techrepublic.com.com/networking/?p=302&tag=nl.e115

and one of the embedded URLs is a cisco.com page with free NetFlow software links:

http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml

Enjoy, :D

Posted by: Derek at October 4, 2007 3:36 AM

commercial - Peakflow from arbor

free - ntop

Posted by: jose at October 5, 2007 12:55 PM

Posted by: oddbjorn at October 7, 2007 3:40 AM

Take a look at Plixer Scrutinizer. It's the best net flow analyzer I have found. While not 100% free, the free version works quite well.

http://www.plixer.com/products/scrutinizer.php

Posted by: Jon at October 14, 2007 7:21 PM

You can try ntop with netflow configured, it works like a charm, but Crannog is still the better tool so far.

http://www.ntop.org/overview.html

Posted by: Javyn at October 17, 2007 11:54 PM

I've been looking at ntop.
Much as I'd love to spend time setting this up on Linux, I simply don't have time. Ntop is open source but you need to compile it yourself if you want to run on Windows. You can buy a pre-compiled version from ntop (www.ntop.org) or you could try this free pre-compiled version.

http://www.openxtra.co.uk/freestuff/ntop-xtra.php

It might not be the latest version but it seems to work OK for me.

Posted by: Andy at October 29, 2007 1:44 PM

I would second Scrutinizer. It does come with a cost, but their support is excellent and the product is Windows point and click easy. Alarms can be generated based on thresholds defined, real time stats, reporting so on and so on. The full blown version isn't free but it is really cheap compared to the other options out there.

Posted by: pingFX at December 7, 2007 8:18 AM

There is a start-up that has a search engine designed to help sort and analyze netflow data for security. You can see a demo of the product here.


http://www.packetanalytics.com/demo.php


I pinged them and they mentioned it would be available for download in January.

Posted by: Brian Despain at December 11, 2007 6:13 AM
