[194906] in North American Network Operators' Group
Re: Proxying NetFlow traffic correctly
daemon@ATHENA.MIT.EDU (Joe Loiacono)
Wed Jun 7 09:20:04 2017
To: Sami <samiii@protonmail.com>
From: Joe Loiacono <jloiacon@csc.com>
Date: Wed, 7 Jun 2017 09:19:59 -0400
Cc: "nanog@nanog.org" <nanog@nanog.org>, NANOG <nanog-bounces@nanog.org>
You may want to check out the SiLK netflow capture and analysis tool
suite. Look in particular at its SiLK Administrators Tools section which
provides extensive flexibility for manipulating netflow exports. The
analysis tools are quite good too.
http://tools.netsa.cert.org/silk/silk-reference-guide.pdf
Joe
"NANOG" <nanog-bounces@nanog.org> wrote on 06/06/2017 05:43:46 PM:
> From: Sami via NANOG <nanog@nanog.org>
> To: "nanog@nanog.org" <nanog@nanog.org>
> Date: 06/06/2017 07:33 PM
> Subject: Proxying NetFlow traffic correctly
> Sent by: "NANOG" <nanog-bounces@nanog.org>
>
> Hello,
> I have been searching for a solution that collects/duplicates
> NetFlow traffic properly for a while but I couldn't find any.
> Do you know any good unix alternative to ntopng, flowd, flow-tools?
>
> nprobe of netflow seems to be the closest one to fit my needs but I
> want to see if there are any other solutions.
>
> My goal is to centralize NetFlow traffic into a single machine and
> then proxy some flows to other destinations for further analysis.
>
> Best Regards,
> Sami