[c-nsp] looking for a netflow analyzer
Roland Dobbins
rdobbins at cisco.com
Fri Oct 6 12:33:40 EDT 2006
On Oct 6, 2006, at 9:15 AM, Ge Moua wrote:
> Over the summer I attended a Joint Techs-Internet2 conference and Dave
> Plonka from UW-Madison talked briefly about their niffy FlowScan
> implementation:
> http://wwwstats.net.wisc.edu/
FlowScan's cool, but I believe it's lain fallow for a while. nfdump/
nfsen and OSU flow-tools/Stager are also very useful open-source
tools (nfdump supports NetFlow v9; to date, flow-tools does not);
Arbor, Lancope, Narus, and Q1 Labs are all very useful commercial
systems which make extensive use of NetFlow for detection/
classification/traceback and traffic engineering/capacity planning.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Any information security mechanism, process, or procedure which can
be consistently defeated by the successful application of a single
class of attacks must be considered fatally flawed.
-- The Lucy Van Pelt Principle of Secure Systems Design
More information about the cisco-nsp
mailing list