Hi there. I've been using nfcapd to capture data for quite some time, but something has been bothering me for a little while. Mainly, whenever I need certain data, I don't seem to be able to quite 'ask the right question' using nfdump. Does anyone have any example commands for common things such as:

- Find the top 10 tcp/udp (bandwidth) talkers on the network (meaning local) for the last 5 minutes.
- Find the top 10 tcp 25 talkers on the network for the last 5 minutes.

Also, has anyone been able to use nfdump to locate malicious activity such as botnets or DDoS attacks originating from your own network? I.e. looking for IRC connections or UDP port 80, or high levels of ICMP...

Sorry if these are wacky questions. I am trying to avoid getting one of those really pricey 'netflow analyzers' like Orion because I have a feeling that nfdump can do the same thing without the pretty graphs, but I am just a little weak on how to mine the data at this time.

Thanks,
-Drew

_______________________________________________
Nfdump-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
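The queries asked for above, written out as an added example (not from the original post or from the nfdump project). It assumes flows are stored as nfcapd's default 5-minute files `nfcapd.YYYYMMDDhhmm` under `$NFDIR`, and that `$LOCALNET` is set to the site's own address range; both values below are constructed placeholders.

```shell
#!/bin/sh
# Added example: nfdump one-liners for the questions in the post.
# NFDIR and LOCALNET are placeholders; point them at your own capture
# directory and address range.
NFDUMP="${NFDUMP:-nfdump}"
NFDIR="${NFDIR:-/var/cache/nfdump}"
LOCALNET="${LOCALNET:-192.168.0.0/16}"

# Newest capture file = "the last 5 minutes" under nfcapd's default
# rotation. The YYYYMMDDhhmm suffix makes lexical order equal time order.
latest_file() {
    ls "$NFDIR"/nfcapd.???????????? 2>/dev/null | sort | tail -n 1
}

# Top-N local sources by bytes for a given filter.
#   -s ip/bytes : per-IP statistics, ordered by bytes
#   -n N        : number of entries in the Top N
top_talkers() {   # usage: top_talkers FILE N 'filter'
    "$NFDUMP" -r "$1" -n "$2" -s ip/bytes "src net $LOCALNET and ($3)"
}

# 1. Top 10 local tcp/udp talkers by bandwidth.
top_tcp_udp() { top_talkers "$1" 10 'proto tcp or proto udp'; }

# 2. Top 10 local hosts sending to tcp/25. A workstation that is not a
#    mail server showing up here is a common spam-bot indicator.
top_smtp() { top_talkers "$1" 10 'proto tcp and dst port 25'; }

# 3. The hunting cases from the post: IRC (tcp/6667), UDP to port 80,
#    and ICMP volume, listed as whole flows ordered by bytes.
suspect_flows() {   # usage: suspect_flows FILE
    "$NFDUMP" -r "$1" -n 20 -s record/bytes \
        "src net $LOCALNET and ((proto tcp and dst port 6667) or (proto udp and dst port 80) or proto icmp)"
}

# Run all three against the most recent 5-minute file.
run_all() {
    f=$(latest_file) || return 1
    [ -n "$f" ] || { echo "no nfcapd files in $NFDIR" >&2; return 1; }
    top_tcp_udp "$f"; top_smtp "$f"; suspect_flows "$f"
}
```

Setting `NFDUMP=echo` before calling the functions prints the command lines instead of running them, which is a quick way to check a filter before pointing it at real data.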
