Netflow Tools [updated] «500+ SAFE»

This guide covers production-grade NetFlow tooling. Start with nfdump for small environments, pmacct + ClickHouse for mid-scale, and GoFlow2 + Kafka for carrier-grade.

# Flows per second (FPS) spike nfcapd -p 2055 -w -l /data -T all # Real-time: watch -n 1 'nfdump -R /data -r current -s flows | head' (requires NetFlow v9 + BGP table) netflow tools

1. Core Concept: What NetFlow Actually Is NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network metadata. It is not packet capture (full payload) nor simple SNMP counters (bytes/sec). It is flow-level accounting . This guide covers production-grade NetFlow tooling

: 30-day retention, detect botnet C2, per-department billing. Core Concept: What NetFlow Actually Is NetFlow is

:

plugins: kafka aggregate: src_host, dst_host, src_port, dst_port, proto, tos, src_as, dst_as kafka_topic: netflow_raw kafka_broker_host: kafka1:9092,kafka2:9092 imt_path: /var/spool/pmacct - Top talkers last hour:

interface GigabitEthernet0/1 ip flow ingress ip flow egress ! ip flow-export source Loopback0 ip flow-export version 5 ip flow-export destination 192.168.1.100 2055 :

We (barely) use cookies
This website uses a minimal amount of cookies necessary to implement the site functionality. By agreeing to accept these cookies, you make sure that the site will function properly.
Ok