[EXTERNAL] Re: Flow collection and analysis
jschiel at flowtools.net
Wed Jan 26 00:11:19 UTC 2022
Samplicator is a nifty tool.
On 1/25/22 16:50, Compton, Rich A wrote:
> Elastiflow is pretty cool. https://www.elastiflow.com or the old open
> source version: https://github.com/robcowart/elastiflow
> You can pretty much do the same thing with Elastic’s filebeat
> Pmacct is also good for grabbing netflow http://www.pmacct.net and
> sending it somewhere (file, database, kafka, etc.) You can also grab
> BMP and streaming telemetry with it.
> If you’re looking for open source DDoS detection using netflow, check
> out https://github.com/pavel-odintsov/fastnetmon
> Shameless plug, check out my tool to look for spoofed UDP
> amplification request traffic coming into your network
> FYI, you can send netflow to multiple collectors with
> *From: *NANOG <nanog-bounces+rich.compton=charter.com at nanog.org> on
> behalf of David Bass <davidbass570 at gmail.com>
> *Date: *Tuesday, January 25, 2022 at 11:06 AM
> *To: *Christopher Morrow <morrowc.lists at gmail.com>
> *Cc: *NANOG list <nanog at nanog.org>
> *Subject: *[EXTERNAL] Re: Flow collection and analysis
> Most of these things, yes.
> Troubleshooting/operational support
> Customer reporting
> On Tue, Jan 25, 2022 at 1:38 PM Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
> On Tue, Jan 25, 2022 at 10:53 AM David Bass
> <davidbass570 at gmail.com> wrote:
> Wondering what others in the small to medium sized networks
> out there are using these days for netflow data collection,
> and your opinion on the tool?
> a question not asked, and answer not provided here, is:
> "What are you actually trying to do with the netflow?"
> Answers of the form:
> "Dos detection and mitigation planning"
> "Discover peering options/opportunities"
> "billing customers"
> "traffic analysis for future network planning"
> "abuse monitoring/management/investigations"
> "pretty noc graphs"
> are helpful.. I'm sure other answers would as well.. but: "how do
> you collect?" is "with a collector" and isn't super helpful if the
> collector can't feed into the tooling / infrastructure / long-term
> goal you have.