[clug] Traffic monitoring with Netflow

Alastair D'Silva alastair at d-silva.org
Mon Aug 5 03:19:18 UTC 2019


Hey folks,

I've been tinkering with Netflow to log traffic in & out of my home
network, and it looks like there aren't really good open source analysis
tools other than Ntopng:
https://www.ntop.org/products/traffic-analysis/ntop/

Unfortunately, it can't ingest Netflow directly, but instead uses a
payware package (Nprobe) to encapsulate the information into JSON over
ZeroMQ.

Since this is a fairly trivial format to work with, I submitted patches
to softflowd (https://github.com/irino/softflowd) to generate
compatible messages for ntopng, so now you can have a nice analyser
without any payware components.

Softflowd can be a bit of a CPU hog though, since it uses BPFs to snoop
on all the data for a particular interface. The next thing to do would
be to make use of the Netfilter connection tracking data to generate
messages to ntopng. Here's a similar package that already generates
Netflow data from that, in case anyone wants to have a crack themselves
(I'm unlikely to get time to do it for a while):
https://metacpan.org/pod/nfflowd

Cheers,


-- 
Alastair D'Silva           mob: 0423 762 819
skype: alastair_dsilva    
Twitter: @EvilDeece
blog: http://alastair.d-silva.org
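The Netfilter connection-tracking approach suggested at the end of the post, as an added Python example that is not part of the post, of softflowd or of ntopng: it parses a constructed `conntrack -L` dump (conntrack-tools output with byte/packet accounting enabled) into bidirectional flow records and serialises each one as JSON. The NetFlow-style field names (IPV4_SRC_ADDR, IN_BYTES, ...) are an assumption about what an ntopng-compatible message would carry, and the ZeroMQ transport and ntopng's message header are left out.

```python
import json
import re

# Constructed sample of `conntrack -L` output with accounting enabled
# (net.netfilter.nf_conntrack_acct=1). Not captured from a real host.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=443 packets=12 bytes=2048 src=203.0.113.5 dst=192.168.1.10 sport=443 dport=51234 packets=10 bytes=8192 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.20 dst=198.51.100.53 sport=41000 dport=53 packets=1 bytes=60 src=198.51.100.53 dst=192.168.1.20 sport=53 dport=41000 packets=1 bytes=140 mark=0 use=1
icmp     1 29 src=192.168.1.20 dst=198.51.100.1 type=8 code=0 id=1234 packets=1 bytes=84 src=198.51.100.1 dst=192.168.1.20 type=0 code=0 id=1234 packets=1 bytes=84 mark=0 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_conntrack_line(line):
    """Turn one conntrack entry into a bidirectional flow record, or None.

    Each entry lists the original-direction tuple and counters first, then
    the reply-direction tuple and counters, so the first src/sport/packets/
    bytes seen belong to the originator and the second set to the responder.
    Only TCP and UDP are handled; ICMP entries carry type/code, not ports.
    """
    fields = line.split()
    if len(fields) < 3 or fields[0] not in ("tcp", "udp"):
        return None
    proto_num = int(fields[1])
    pairs = KV.findall(line)

    def nth(key, n):
        return [v for k, v in pairs if k == key][n]

    # Field names below are assumed NetFlow-style names, not verified
    # against ntopng's importer.
    return {
        "IPV4_SRC_ADDR": nth("src", 0), "IPV4_DST_ADDR": nth("dst", 0),
        "L4_SRC_PORT": int(nth("sport", 0)), "L4_DST_PORT": int(nth("dport", 0)),
        "PROTOCOL": proto_num,
        "IN_PKTS": int(nth("packets", 0)), "IN_BYTES": int(nth("bytes", 0)),
        "OUT_PKTS": int(nth("packets", 1)), "OUT_BYTES": int(nth("bytes", 1)),
    }


def conntrack_to_json_lines(text):
    """Convert a whole conntrack dump into one JSON document per flow."""
    records = [parse_conntrack_line(l) for l in text.splitlines() if l.strip()]
    return [json.dumps(r, sort_keys=True) for r in records if r is not None]


if __name__ == "__main__":
    for doc in conntrack_to_json_lines(SAMPLE_CONNTRACK):
        print(doc)
```

Because conntrack counters are cumulative for the lifetime of the connection, a real exporter would have to diff successive dumps (or consume conntrack destroy events) to produce per-interval flow records rather than re-emitting totals.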
