[ale] NetFlow and Linux

Adam Allred prozaconstilts at gmail.com
Mon Dec 15 15:01:10 EST 2008


Haha, found it! Have you looked at ntop/nprobe?

http://www.ntop.org/overview.html

and

http://www.ntop.org/nProbe.html

nProbe can act as a netflow generator (you would install it on your router),
and as a collector and analyser (it's synonymous with nfsen/nfdump). You can
install it in both modes on the same machine, or split it so that collection
and analysis is performed elsewhere.

It exports in the Netflow format, so you can use any analyzer you choose,
you're not bound to nProbe/ntop for collection.

Adam

On Thu, Dec 11, 2008 at 9:35 AM, Christoper Fowler <
cfowler at outpostsentinel.com> wrote:

>
> > We are using nfsen here. It works great. I'm still working on getting the
> reports formatted the way I want but that's just a matter of tweaking/post
> processing.
> >
>
> What Cisco hardware are you using.   I want to test NetFlow but
> all I have are Cisco 2900 and 3550XL switches.  I do not use
> Cisco for layer 3 anything.  Linux only there.
>
> My goal is to see ALL traffic on my network.  Even traffic passing
> between port 1 and port 5 of a 2900.
>
> Chris
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20081215/cd97a834/attachment.html 


More information about the Ale mailing list