Nfsen & Nfdump
User Documentation nfdump & NfSen
1 NFDUMP
This is the combined documentation of nfdump & NfSen. Both tools are distributed under the BSD license and can be downloaded at nfdump http://sourceforge.net/projects/nfdump/ nfsen http://sourceforge.net/projects/nfsen/ This documentation describes nfdump tool v1.5 and NfSen v1.2.3.
1.1 NFDUMP tools overview
All tools support netflow v5, v7 and v9. nfcapd - netflow capture daemon. Reads the netflow data from the network and stores the data into files. Automatically rotate files every n minutes. ( typically every 5 min ) nfcapd reads netflow v5, v7 and v9 flows transparently. You need one nfcapd process for each netflow stream. nfdump - netflow dump. Reads the netflow data from the files stored by nfcapd. It's syntax is similar to tcpdump. If you like tcpdump you will like nfdump. Nfdump displays netflow data and can create lots of top N statistics of flows IP addresses, ports etc ordered by whatever order you like. nfprofile - netflow profiler. Reads the netflow data from the files stored by nfcapd. Filters the netflow data according to the specified filter sets ( profiles ) and stores the filtered data into files for later use. Mostly used by NfSen. nfreplay - netflow replay Reads the netflow data from the files stored by nfcapd and sends it over the network to another host. nfclean.pl - cleanup old data Sample script to cleanup old data. You may run this script every hour or so. ft2nfdump – Optional binary: Reads and converts flow-tools data. Reads flow-tools data from files or from stdin in a chain of flow-tools commands and converts the data into nfdump format to be processed by nfdump.
1.2 Principle of Operation:
The goal of the design is to be able to analyze netflow data from the past as well as to track interesting traffic patterns continuously. The amount of time back in the past is limited only by the disk space available for all the netflow data. The tools are optimized for speed for efficient
1 NFDUMP
This is the combined documentation of nfdump & NfSen. Both tools are distributed under the BSD license and can be downloaded at nfdump http://sourceforge.net/projects/nfdump/ nfsen http://sourceforge.net/projects/nfsen/ This documentation describes nfdump tool v1.5 and NfSen v1.2.3.
1.1 NFDUMP tools overview
All tools support netflow v5, v7 and v9. nfcapd - netflow capture daemon. Reads the netflow data from the network and stores the data into files. Automatically rotate files every n minutes. ( typically every 5 min ) nfcapd reads netflow v5, v7 and v9 flows transparently. You need one nfcapd process for each netflow stream. nfdump - netflow dump. Reads the netflow data from the files stored by nfcapd. It's syntax is similar to tcpdump. If you like tcpdump you will like nfdump. Nfdump displays netflow data and can create lots of top N statistics of flows IP addresses, ports etc ordered by whatever order you like. nfprofile - netflow profiler. Reads the netflow data from the files stored by nfcapd. Filters the netflow data according to the specified filter sets ( profiles ) and stores the filtered data into files for later use. Mostly used by NfSen. nfreplay - netflow replay Reads the netflow data from the files stored by nfcapd and sends it over the network to another host. nfclean.pl - cleanup old data Sample script to cleanup old data. You may run this script every hour or so. ft2nfdump – Optional binary: Reads and converts flow-tools data. Reads flow-tools data from files or from stdin in a chain of flow-tools commands and converts the data into nfdump format to be processed by nfdump.
1.2 Principle of Operation:
The goal of the design is to be able to analyze netflow data from the past as well as to track interesting traffic patterns continuously. The amount of time back in the past is limited only by the disk space available for all the netflow data. The tools are optimized for speed for efficient