On 13/12/2011 9:19 πμ, Nikolaos Milas wrote: > I would like to ask whether there are plans to support nbar graphs and > analysis within nfsen (leveraging FNF), and if so, how soon. > > Such functionality would really be great and highly needed. >
A while back I asked about nbar support. I would like to ask again, more specifically: 1. Does nfdump/nfcapd have the capability to capture/maintain flexible-netflow nbar information (available in Netflow v9), i.e. application information in netflow records (of course, when such info is configured to be submitted by routers - with IOS versions 15.x)? 2. If the answer to 1 is yes, can we use nfdump (or the nfsen GUI query-form) to easily display details about the application information? For example, we would want to display the applications used by one IP address or those that are used between two particular IP addresses. Graphing nbar is different; Most importantly we would want to have application info on a per IP-Address basis. ===== As a side-note, it would be useful to have nfsen plugins or particular pre-made filters that can (attempt to) *de**duce* application information (esp. malicious or dangerous) by analyzing standard Netflow data, even when actual application info is missing; in fact I would expect that such plugins/filters might already be available. For example, a filter like: "port in [6881 6882 6883 6884 6885 6886 6887 6888 6889] and proto tcp" should identify bittorrent activity. An example plugin could be able to run a set of such pre-made (or configurable) filters for a given IP Address, a range of IP addresses or the whole network, and for a given time-frame and report on the applications used (union / intersection thereof, for the selected IP Addresses). Thank you very much, Nick ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
