If you don't have too many flows (seeing as you are using it for the home network), you could install Splunk* with the "Netflow for Splunk" application (which uses nfcapd/nfdump) instead of using nfsen. This allows you to correlate flows with other types of interesting log information as well as allowing you to visualise it (e.g. using Google maps, various graphs and so on).

Tor

* The "free" version can index 500MB a day; I have not yet reached that limit for my home network. Cannot run on OpenBSD.

On Wed, May 01, 2013 at 10:22:50PM +0200, Peter N. M. Hansteen wrote:
> Jan Stary <[email protected]> writes:
>
> > I just started using pflow(4) on the router/firewall
> > of my small home network. What do people recommend for
> > collection and analysis tools? So far, I am aware of
> > packages for flow-tools, flowd, and softflowd.
>
> My absolute favorite is nfdump feeding nfsen. pkg_add nfsen and reading
> the package message should get you all the way there inside a few
> minutes.
>
> - P
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

