Preview

Nfsen & Nfdump

Satisfactory Essays
Open Document
Open Document
7934 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Nfsen & Nfdump
User Documentation nfdump & NfSen
1 NFDUMP
This is the combined documentation of nfdump & NfSen. Both tools are distributed under the BSD license and can be downloaded at nfdump http://sourceforge.net/projects/nfdump/ nfsen http://sourceforge.net/projects/nfsen/ This documentation describes nfdump tool v1.5 and NfSen v1.2.3.

1.1 NFDUMP tools overview
All tools support netflow v5, v7 and v9. nfcapd - netflow capture daemon. Reads the netflow data from the network and stores the data into files. Automatically rotate files every n minutes. ( typically every 5 min ) nfcapd reads netflow v5, v7 and v9 flows transparently. You need one nfcapd process for each netflow stream. nfdump - netflow dump. Reads the netflow data from the files stored by nfcapd. It's syntax is similar to tcpdump. If you like tcpdump you will like nfdump. Nfdump displays netflow data and can create lots of top N statistics of flows IP addresses, ports etc ordered by whatever order you like. nfprofile - netflow profiler. Reads the netflow data from the files stored by nfcapd. Filters the netflow data according to the specified filter sets ( profiles ) and stores the filtered data into files for later use. Mostly used by NfSen. nfreplay - netflow replay Reads the netflow data from the files stored by nfcapd and sends it over the network to another host. nfclean.pl - cleanup old data Sample script to cleanup old data. You may run this script every hour or so. ft2nfdump – Optional binary: Reads and converts flow-tools data. Reads flow-tools data from files or from stdin in a chain of flow-tools commands and converts the data into nfdump format to be processed by nfdump.

1.2 Principle of Operation:
The goal of the design is to be able to analyze netflow data from the past as well as to track interesting traffic patterns continuously. The amount of time back in the past is limited only by the disk space available for all the netflow data. The tools are optimized for speed for efficient

You May Also Find These Documents Helpful

  • Satisfactory Essays

    For simulations, we have used ns-3 simulator which is a discrete event network simulator. We have used ns-3 for evaluation of our algorithm for random sensor node deployment scenarios to find the sinks locations for a particular sensor nodes deployment.…

    • 614 Words
    • 3 Pages
    Satisfactory Essays
  • Powerful Essays

    2. Briefly explain how each of the Linux-based tools demonstrated in this lab can be used to monitor bandwidth, protocol, and network traffic information.…

    • 1518 Words
    • 5 Pages
    Powerful Essays
  • Powerful Essays

    2. Briefly explain how each of the Linux-based tools demonstrated in this lab can be used to monitor bandwidth, protocol, and network traffic information.…

    • 1518 Words
    • 5 Pages
    Powerful Essays
  • Best Essays

    Aircraft Solutions

    • 2805 Words
    • 12 Pages

    Hogg, S. (2011, July 31). Retrieved February 20, 2013, from Firewall Administration Techniques and Tools: http://www.networkworld.com/community/blog/firewall-administration-techniques-and-tools…

    • 2805 Words
    • 12 Pages
    Best Essays
  • Satisfactory Essays

    ISS Week 3 Vlab 1

    • 136 Words
    • 1 Page

    To be able to see all the packets that come in and out on the Network…

    • 136 Words
    • 1 Page
    Satisfactory Essays
  • Powerful Essays

    Pos420 Final Paper

    • 2424 Words
    • 10 Pages

    Tackett, J. and Gunter, D. (1997). Special edition. Using Linux. 3rd edition. Indianapolis, IN. QUE Corporation.…

    • 2424 Words
    • 10 Pages
    Powerful Essays
  • Powerful Essays

    A Network Management system, or NMS is a collection of software to be used as tools to monitor a network of computers. This software performs multiples tasked specifically designed to help keep a network managed properly and running smoothly. There are many components that can make up a Network management system. With all the options out there a network administrator is able to customize what features to utilize depending on their specific needs. This allows for real-time monitoring as well as report generated analyses. However, there are a few cornerstone components that should be explored. The Manager, Agent, MIB, Probe, SNMP, and RMON are probably the most valued components.…

    • 771 Words
    • 3 Pages
    Powerful Essays
  • Powerful Essays

    Netw420 Week 4 lab report

    • 726 Words
    • 3 Pages

    This week’s assignment is to describe various event categories and event based transactions that are used by the Network Management System. It would be impossible to categorize all potential causes for alarms in all existing network systems however, understanding some common alerts and categories is essential for any network manager.…

    • 726 Words
    • 3 Pages
    Powerful Essays
  • Good Essays

    Stuff Software, Inc. (n.d.). TrafficFinder! TM - Erlang C Traffic Table up to Ten Million Trunks. Retrieved June 11, 2014, from http://www.stuffsoftware.com/trafficerlangctable.html…

    • 9550 Words
    • 35 Pages
    Good Essays
  • Good Essays

    Nt1310 Unit 33

    • 595 Words
    • 3 Pages

    The most modern method of firewall scanning that does not rely on memory intensive examination is ‘Stateful inspection’. A Stateful firewall holds significant attributes of each connection of trusted information for the duration of session. These attributes which are collectively known as state of the connection may include ip addresses, ports involved in the network and number of packets being…

    • 595 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    Intro to Unix Project 2

    • 636 Words
    • 3 Pages

    2- Description of pipes: The symbol | is the Unix pipe symbol that is used on the command line. What it means is that the standard output of the command to the left of the pipe gets sent as standard input of the command to the right of the pipe. Note that this functions a lot like the > symbol used to redirect the standard output of a command to a file. However, the pipe is different because it is used to pass the output of a command to another command, not a file.…

    • 636 Words
    • 3 Pages
    Satisfactory Essays
  • Better Essays

    * IDS and IPS monitoring of incoming and outgoing network traffic, including anti-virus, anti-spyware and signature and anomaly-based traffic monitors.…

    • 932 Words
    • 4 Pages
    Better Essays
  • Powerful Essays

    Vark Analysis Paper

    • 1357 Words
    • 6 Pages

    Fleming, N. (2011). VARK: a guide to learning styles. Retrieved from Kinesthetic Study Strategies: http://www.vark-learn.com/english/page.asp?p=kinestheticprint…

    • 1357 Words
    • 6 Pages
    Powerful Essays
  • Good Essays

    Evolution of Ethernet

    • 558 Words
    • 3 Pages

    As stated in an article found in Infinera; Industry consensus has led to general agreement that a doubling of Internet traffic each year represents a sustainable natural growth rate [1, 2], with growth ranging from 75% to 125% per…

    • 558 Words
    • 3 Pages
    Good Essays
  • Good Essays

    Network baselining is the process of interpreting and understanding of data called baseline analysis. It allows you to discover the true performance and operation of the network. To determine whether a network could deliver a particular policy you need to measure the network’s current performance. By obtaining a baseline of system or network behavior I would need NBAD or Network Behavior Anomaly Detection. NBAD is an integral part of Network Behavior Analysis which offers security and it continuously monitoring the network for any unusual events or trends. A malicious abuse is the number one cause of today’s internet traffic. Anomalies such as worms, port scans, denial of service attacks, etc., these we could found at any time in the network traffic. These anomalies are waste network resources which can cause performance ruin of network devices and end hosts. It may lead to security issues concerning all internet users. Suppose an attacker intrudes on one of the servers. The first place to check is the Log Files for administrative issues and security activity. Log Files contains complete records of all security events, e.g. log one events, resource access, attempted violations of policy and changes in system configuration or policies. And also, Critical System events that can follow admin to quickly discover the root that causes the issue. We can also identify bad system or network activities by observing anomalies from baseline behavior or identifying certain suspicious actions. Monitoring the individual network subscribers by having NBAD or Network Behavior Anomaly Detection, this can tracks also the critical network characteristics in real time and it generates an alarm if a strange event or trend is detected that could indicate the presence of a threat. Need to consider that even legitimate…

    • 607 Words
    • 2 Pages
    Good Essays