search for: netflow

Hi all, I need to setup a netflow reporting tool under CentOS server to collect traffic data from several firewalls. What netflow tool do you recommends me? Of course, Open source. Many thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/2...

https://bugzilla.mindrot.org/show_bug.cgi?id=1959 Bug #: 1959 Summary: Incorrect Sequence Numbers for NetFlow v9 export. Classification: Unclassified Product: softflowd Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: softflowd AssignedTo: djm at mindrot.org...

Pp ------Original Message------ From: nate Sender: centos-bounces at centos.org To: CentOS Mailing list ReplyTo: CentOS Mailing list Sent: Feb 23, 2009 8:13 PM Subject: Re: [CentOS] cisco netflow analyzer? Robinson Tiemuqinke wrote: > Anyone knows any Cisco netflow analyzer that could run on Linux/Windows? I > know that cisco ASDM works at somewhat level but too rough... > > For example, CIsco ASDM can only shows at IP level and only three types > graph, like top 10 source A...

Anyone got a reco on a package that can collect netflow data and accept user defined queries for specific data, like what an ip did every hour for some said interval? Thanks! jlc

I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate NetFlow information about traffic going through my router. The question is how to get the logging rules added to the appropriate chains (I''m assuming eth2_in and eth2_out in my case)? I''m using the perl version of shorewall 4.0.6. -- Orion Poplawski Technical Manager...

List, I installed my server and I want to start Mysql, but I can not find the file /etc/ini.d/mysqld .. [root at netflow ntop]# rpm -qa|grep mysql mysqlclient10-3.23.58-4.RHEL4.1 libdbi-dbd-mysql-0.6.5-10.RHEL4.1 mysql-4.1.10a-1.RHEL4.1 mysql-devel-4.1.10a-1.RHEL4.1 Am I missing some mysql rpm from Cds? regards. israel -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.da...

Hi Guy, I am trying to figure out how & where can i get the bandwidth usage utilization statistic info for all the VM, so in the end i will be able to use it for metering purpose.. Anyone got any idea ? Regards, Peter -------------- next part -------------- An HTML attachment was scrubbed... URL:

ok .. a use iptraf, but iptraf show my evry connection from computerX: 84.135.15.81:4899 > 163 7940 --A- eth0 ? 82.77.210.7:3475 > 212 323323 -PA- eth0 ? 62.231.96.133:80

...Status: NEW Severity: normal Priority: P2 Component: NAT AssignedTo: laforge@netfilter.org ReportedBy: dmitry@trifle.net Description: ~~~~~~~~~~~~ I've noticed DNAT stopped to work after reloading iptables modules or machine reboot. [NetFlow_source]--->--->---[eth0, NAT_box, eth1]--->--->---[NetFlow_collector] We have a netflow collector behind NAT. NetFlow stream is being generated by cisco and should be delivered to the collector. The problem is being contained in conntrack. Conntrack caches udp stream before DNAT rule...

...e'' routing. The routers will be using RIP or OSPF to make sure that routing stays correct and manageable. I will be using the following services: - 2.4 kernel (2.6 ?? QOS) (Why should I use 2.6 ?) - netfilter (firewalling) - shorewall (admin :) ) - zebra/ospfd (routing) - snmp (netflow, nic counters) - sshd - remote syslog - some kind of vpn (cipe for wireless ?) That''s my list of things I will be using. I am thinking about using the debian sarge tree, because I really like debian in the way it works (updating etc...). Maybe other distributions are more suiteable....

Hi, I have a router running BGP and OSPF (bird) on FreeBSD. Are there any best practises one can take in order to protect the network from DDoS attacks. I know this isn't easy. But I would like to secure my network as much as possible. Even if I'am not able to prevent or block a ddos I would like to get some info (snmp trap parhaps) regarding the attack. Then I can contact my ISP or

...if.c if_atmsubr.c if_fwsubr.c if_gif.c > if_gif.h if_gre.c if_gre.h > if_iso88025subr.c if_stf.c if_var.h > route.c route.h rtsock.c > sys/netatalk at_extern.h at_proto.c > sys/netgraph/netflow netflow.c > sys/netinet if_atm.c if_ether.c in_gif.c in_mcast.c > in_pcb.c in_pcb.h in_rmx.c in_var.h > ip_fastfwd.c ip_fw.h ip_fw2.c ip_icmp.c > ip_input.c ip_mroute.c ip_mroute.h >...

Hi all, I've been asked by a college to setup a monitor to monitor a Windows network, but on internet usage. They want to have detailed usage, i.e. on a per IP / PC basis, and if possible to get stats for every protocol, and see over a period of time what goes on. My first though wat ntop, which does all of this, but it doesn't save the data in a DB, so if the server reboots the stats

Hi all. I have currently a task to implement a network traffic analyzer. Some years ago I've used NTOP for that purpose, I would also like to test some alternatives. Which alternatives can you recommend and why? Thanks ;) Best regards, Rafa? Radecki.

hello ... how can I identify huge downloads on link to automticly move them to low priority queue ? somethink like combination rate and duration of session Thanks

...all over the place. The list is very useful and it is good for me to participate and "give back" to the community. Anywho, I wanted to post this response to a thread that was created back in November 2008 about the ntop daemon failing to start. I'm currently setting up ntop as a NetFlow & SFlow collector and came across the issue. A quick refresher, the init script for ntop has an issue where it can't parse the ntop.conf file correctly if switches are entered before the "@/etc/ntop.conf". The suggested work around was to move the "-d -L" switches from...

...ot clients that are still configured to use port 143 to connect to our mailserver, from the dovecot logs. I would then ask them to move over to 993, and finally disable port 143 altogether. When looking at the dovecot logs, it seems this is not logged in any obvious way. Of course I could use netflow etc, but that would not give us usernames, but IP's, etc. So, is there a nice way to somehow indicate in the dovecot logs, if a client connected on 143 or on 993? Thanks!

Hi Guys I''m trying to measure the traffic of domUs using vnstat without luck. My configuration: Debian 6.0.3 xen 4.0.1 vnstat 1.11 I''m using bonding with two network cards. auto bond0 iface bond0 inet manual slaves eth0 eth1 bond-mode active-backup bond-miimon 100 bond-updelay 200 bond-downdelay 200 bond-primary eth0 auto br0 iface br0 inet static

...EL4 set to be updated ---> Package krb5-libs.i386 0:1.3.4-12 set to be updated ---> Package kernel.i686 0:2.6.9-5.0.5.EL set to be installed ---> Downloading header for kernel-devel to pack into transaction set. kernel-devel-2.6.9-5.0.5. 100% |=========================| 340 kB 00:17 http://netflow.cimex.com.cu/centos/RPMS/kernel-devel-2.6.9-5.0.5.EL.i686 .rpm: [Errno -1] Header is not complete. Trying other mirror. Error: failure: RPMS/kernel-devel-2.6.9-5.0.5.EL.i686.rpm from update: [Errno 256] No more mirrors to try.

Hi, How can i count the number of packets on an interface evry 2 or 5 seconds. and i want to count only specific packets like only arriving packets from port 5001 Any thoughts... Muhammad