Re: [Nfsen-discuss] duplicate flows
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] duplicate flows
|
From: Peter H. <ha...@sw...> - 2006-07-25 12:11:32
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------- Original Message -------- From: "Ivan A. Beveridge" <iv...@li...> To: Cédric Delaunay <ced...@gm...> Subject: Re:[Nfsen-discuss] duplicate flows Date: Tue Jul 25 2006 11:42:57 GMT+0200 (CEST) > On 25/07/2006 10:01, Cédric Delaunay wrote: >>> hy nf-users, >>> Using nfsen and nfcapd from a few weeks, I'm now trying to install a scan >>> detector on my network. Ipflow's one seems an efficient one. >>> As i still want to use nfsen, i need to duplicate the flows I receive to 2 >>> others ports. > > If all you want to do is duplicate netflow data (which is UDP), you > should be able to use something simple like UDP samplicator: > http://www.switch.ch/tf-tant/floma/sw/samplicator/ Yes - use samplicator. It's easiest at the moment. latest nfdump can resend received UDP packets as well, however you would need to patch the rc script. - Peter > > Also flowtools (netflow tools) comes with a fanout application (flow-fanout) > > I haven't used either of these (because I use sflow ... and I use > sflowtool to do the fanout at the moment). > > Cheers > > > Ivan > -- > Ivan Beveridge > <iv...@li...> http://www.linx.net/ - ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Nfsen-discuss mailing list Nfs...@li... https://lists.sourceforge.net/lists/listinfo/nfsen-discuss - -- _______ SWITCH - The Swiss Education and Research Network ______ Peter Haag, Security Engineer, Member of SWITCH CERT PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland E-mail: pet...@sw... Web: http://www.switch.ch/security -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iQCVAwUBRMYKaP5AbZRALNr/AQI9wAP+I8ydTh5BwlBmvK6KJwkVYcfNFgKpImPr RKGcprtO8F0dqxraGEsDyvTabwF1wxvkZorw7PVhvs8FH+aewGBHog+oC0VgAoyx dK3nzFUcKutGRpAKL5vJAioibxhbqrxVElgbJ4Y1BZBJnB62G/aVM6cBKJiGqJKu KHVptdVreNY= =o4ai -----END PGP SIGNATURE----- |
