I thought I would post a great site that keeps NetFlow tools up to date - http://www.switch.ch/network/projects/completed/TF-NGN/floma/software.html
Some examples of the tools are the following:
- FlowScan
- A Perl-based system to analyze and report on flows collected by flow-tools, lfapd or cflowd, by Dave Plonka. Sample output graphs are available too, as well as Majordomo-driven mailing lists for announcements and general discussion (archive). It is currently built on Cflow.pm.
User-contributed tools based on FlowScan include:
- CarrierIn from Stanislav Sinyagin
- which claims to be more suitable for larger ISP/Carriers
- CUFlow from Matt Selsky and Johan M. Andersen at Columbia University
- which is an alternative graphing tool "designed to combine the features of CampusIO and SubNetIO". Robert S. Galloway has contributed a nice howto-style document describing how it can be used.
- FlowMonitor from Johan M. Andersen at Columbia University
- monitors individual users' network usage against a bandwidth usage policy.
- JKFlow by Jurgen Kobierczynski
- A new reporting module which is highly configurable using an XML configuration file.
- FlowScan+
- An extension to FlowScan developed by KISTI/KAIST. Adds servlet-based visualization and support for queries for top user, AS, port, protocol, etc. This is supposed to be available under http://flowscan.kreonet2.net/, but that site doesn't seem to be responsive.
- flow-tools
- Similar to cflowd but implemented as a set of smaller tools, with the addition of compression of the recorded data, thus capable of recording many more flows in a given amount of disk space. See paper about its application for Intrusion Detection. There is also a mailing list for the package.
There is a short presentation called Ohio Gigapop Traffic Measurements that shows some examples on how flow-tools can be used.
The package is widely used, and there are quite a few user contributions, such as:
- FlowViewer
- Web-interface to flow-tools. Consists of three tools: FlowViewer provides the user with web access to many of the textual and statistical flow-tools reports. FlowGrapher provides a web page with a graph of the selected flow data. These web pages can be saved. FlowTracker (introduced in FlowViewer 3.0, released in July 2006) allows the user to maintain this information long-term by creating four MRTG-like graphs. Filtered flow data is collected every five minutes and the graphs are updated. FlowTracker requires Tobi Oetiker's RRDtool package. Screenshots are available.
- flow-extract
- which can be used to filter flow-tools-recorded flows through user-specified tests
- a set of "Inter.netPH contribs"
- by Horatio B. Bogbindero
- some patches and a Python module
- by Robin Sommer.
- flow-pairs
- A script that extracts lists of the highest bandwidth consumers by host and by port. Installed at UCB. Seems to have similar uses as the older MATHE system.
- Net::Flow
- Perl module for de- and encoding Netflow (v5/v9) and IPFIX packets.
- jflow
- A set of Java classes for collecting and analyzing NetFlow data. Supports Netflow versions 5 and 6, multithreaded implementation to facilitate real-time traffic accounting and analysis.
- Autofocus
- A traffic analysis and visualization tool that describes the traffic mix of a link through textual reports and time series plots. The underlying research is documented in a SIGCOMM 2003 paper, Automatically Inferring Patterns of Resource Consumption in Network Traffic, C. Estan, S. Savage, G. Varghese (PDF paper, PPT slides).
- Wisconsin Netpy
- Netpy is a network traffic analysis and visualization package developed at University of Wisconsin-Madison. This application is intended for the use of network administrators and it can help understand usage trends in your network as well as support interactive analysis of specific network events of interest. Netpy is distributed under GPL and a BSD-like license. Netpy stores NetFlow records in a local database after applying some sampling to reduce the size of the data. The analysis engine supports interactive analyses on this data where the user chooses the time interval of interest, the filtering rules to apply to the traffic and the type of analysis. The netpy console allows the user to manage the database, and perform analyses interactively or through scripts. The graphical user interface visualizes the results of the analyses accessing the database locally or remotely through a netpy server that is also part of the package.
