Hi Nick,
On 24/10/12 5:18 PM, Nikolaos Milas wrote:
> On 13/12/2011 9:19 AM, Nikolaos Milas wrote:
>
>> I would like to ask whether there are plans to support nbar graphs and
>> analysis within nfsen (leveraging FNF), and if so, how soon.
>>
>> Such functionality would really be great and highly needed.
>>
So far nbar is not implemented; however, it can be done if there is user demand.
I would need flow traces (full pcap dumps of flow exports) in order to
implement this feature. So feel free to send them to me off list.
As for the predefined filters - I'd happily integrate them, but would need
user feedback on what they want to see going into the defaults.
Cheers
- Peter
>
> A while back I asked about nbar support. I would like to ask again, more
> specifically:
>
> 1. Does nfdump/nfcapd have the capability to capture/maintain
> flexible-netflow nbar information (available in Netflow v9), i.e.
> application information in netflow records (of course, when such info is
> configured to be submitted by routers - with IOS versions 15.x)?
>
> 2. If the answer to 1 is yes, can we use nfdump (or the nfsen GUI
> query-form) to easily display details about the application information?
> For example, we would want to display the applications used by one IP
> address or those that are used between two particular IP addresses.
>
> Graphing nbar is different; most importantly we would want to have
> application info on a per IP-Address basis.
>
> =====
>
> As a side-note, it would be useful to have nfsen plugins or particular
> pre-made filters that can (attempt to) *deduce* application
> information (esp. malicious or dangerous) by analyzing standard Netflow
> data, even when actual application info is missing; in fact I would
> expect that such plugins/filters might already be available.
>
> For example, a filter like: "port in [6881 6882 6883 6884 6885 6886 6887
> 6888 6889] and proto tcp" should identify bittorrent activity.
>
> An example plugin could be able to run a set of such pre-made (or
> configurable) filters for a given IP Address, a range of IP addresses or
> the whole network, and for a given time-frame and report on the
> applications used (union / intersection thereof, for the selected IP
> Addresses).
>
> Thank you very much,
> Nick
>
> _______________________________________________
> Nfsen-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
--
Be nice to your netflow data. Use NfSen and nfdump :)
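
Added example, not part of the original thread and not nfdump/NfSen code: a sketch of the per-IP report Nick describes, applying port/protocol rules to flow records and returning the deduced applications per host plus their union and intersection. Only the bittorrent rule comes from the thread; the other rules, the record layout and the sample flows are constructed assumptions, and port matching is a heuristic that misses applications on non-standard ports.

```python
from collections import defaultdict

# Hypothetical rule set: name -> (protocol, ports). Only "bittorrent" mirrors
# the filter quoted in the thread; "ssh" and "dns" are assumed for illustration.
RULES = {
    "bittorrent": ("tcp", set(range(6881, 6890))),
    "ssh": ("tcp", {22}),
    "dns": ("udp", {53}),
}

# Constructed flow records: (src_ip, dst_ip, proto, src_port, dst_port)
FLOWS = [
    ("10.0.0.5", "198.51.100.7", "tcp", 51234, 6881),
    ("10.0.0.5", "192.0.2.53", "udp", 40000, 53),
    ("10.0.0.9", "192.0.2.53", "udp", 40001, 53),
    ("10.0.0.9", "203.0.113.4", "tcp", 50022, 22),
    ("198.51.100.7", "10.0.0.5", "tcp", 6881, 51234),
    ("10.0.0.9", "203.0.113.8", "udp", 6881, 6881),  # udp, so the tcp rule must not fire
]

def classify(flow):
    """Return the rule names matching one flow (a port may be source or destination)."""
    _, _, proto, sport, dport = flow
    return {name for name, (p, ports) in RULES.items()
            if proto == p and (sport in ports or dport in ports)}

def apps_by_ip(flows, hosts):
    """Map each monitored host to the applications deduced from flows it appears in."""
    seen = defaultdict(set)
    for flow in flows:
        apps = classify(flow)
        for ip in flow[:2]:
            if ip in hosts:
                seen[ip] |= apps
    return {ip: seen[ip] for ip in hosts}

def report(flows, hosts):
    """Per-host application sets plus their union and intersection."""
    per_ip = apps_by_ip(flows, hosts)
    sets = list(per_ip.values())
    return {"per_ip": per_ip,
            "union": set().union(*sets),
            "intersection": set.intersection(*sets) if sets else set()}

if __name__ == "__main__":
    print(report(FLOWS, ["10.0.0.5", "10.0.0.9"]))
```
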