Flow collection and analysis

Jean St-Laurent jean at ddostest.me
Tue Jan 25 22:24:42 UTC 2022

I agree with you.


The tool doesn’t really matter. Windows, Linux, cloud or not.


It’s really important to first understand what you are trying to solve or improve.


If this step is forgotten, then it will just be another tool to support, added to your long list of useless tools.


My personal favorites are a mix of:


* Ntop with PF_RING enabled.
* Nfdump
* Elasticsearch


I’m sure all the other tools are also very good. CSV in Excel or grep/awk could also work if you know exactly what you’re looking for. 😉
From: NANOG <nanog-bounces+jean=ddostest.me at nanog.org> On Behalf Of Christopher Morrow
Sent: January 25, 2022 12:38 PM
To: David Bass <davidbass570 at gmail.com>
Cc: <nanog at nanog.org> <nanog at nanog.org>
Subject: Re: Flow collection and analysis
On Tue, Jan 25, 2022 at 10:53 AM David Bass <davidbass570 at gmail.com <mailto:davidbass570 at gmail.com> > wrote:

Wondering what others in the small to medium sized networks out there are using these days for netflow data collection, and your opinion on the tool?


a question not asked, and answer not provided here, is:
  "What are you actually trying to do with the netflow?"


Answers of the form:
  "DoS detection and mitigation planning"
  "Discover peering options/opportunities"
  "billing customers"

  "traffic analysis for future network planning"

  "abuse monitoring/management/investigations"

  "pretty noc graphs"


are helpful.. I'm sure other answers would as well.. but: "how do you collect?" is "with a collector" and isn't super helpful if the collector can't feed into the tooling / infrastructure / long-term goal you have.
