06. 10. 2015 Sandro Santinato NetEye

Netflow Analysis With Improved Nfdump Version

With the idea to get out more from the netflow data fetched by Nfdump and with special needs of our customers, we added some new and useful functionalities to make Nfdump even more interesting and useful for your network traffic analysis.

First of all, Nfdump is a collection of tools to collect and process netflow data on the command line. The netflows are typically gathered from network routers or from our nBoxes and stored on a 5 min base on the hard disk.

Min. and Max. Speed Values

The standard Nfdump version shows you the average transfer rates of a netflow. But what if you are interested in the minimum and maximum transfer rate? You would have to analyze every single transaction from a specific port to another. So, the first functionality we introduced, is the output of the minimum and maximum bit/s to the standard command line output of Nfdump (see columns min_bps and max_bps ).

Here an example command and its output:

This output shows the first ten (-n 10) flows between 24.08.2015 00:00 and 24.08.2015 04:00, indicating the values min_bps and max_bps.

Incomming, Outgoing and Internal Network Traffic

Sometimes it is very useful to analyze which is the traffic going out from your network, or coming in, or even which is the internal traffic. You may have the need to analyze how much traffic this is and how fast it is. For this purpose we introduced the new parameter -C, which lets you indicate which are your own networks. In this way, Nfdump is able to categorize your traffic and telling you, which flows are going out or coming into your network. Additionally, with the parameter -d you have the possibility to specify which traffic should be displayed, for example with -d out only the outgoing traffic is displayed (-d in shows only the incoming traffic).

Here an example output where only outgoing traffic is displayed:

This output shows the first ten (-n 10) outgoing flows (-d out) from our network (-C 10.62.4.0/24) between 24.08.2015 00:00 and 24.08.2015 04:00

Specify Times instead of Nfdump Files

The last feature we added is another new parameter, -P, which gives you the possibility to indicate times instead of the path to the Nfdump files. In this case Nfdump chooses automatically the right Nfdump files to satisfy requests in this time range.

Here a sample output where we have specified the timeperiod of 24.08.2015 from 08:00 to 09:00:

This output shows the first ten (-n 10) flows between 24.08.2015 08:00 and 24.08.2015 09:00 (-P)

Sandro Santinato

Sandro Santinato

Developer at Würth Phoenix
Hi, my name is Sandro and I am the youngest member of the Neteye team. I graduated in 2013 in Applied Computer Science at the Free University of Bolzano but I started working as software engineer at Würth-Phoenix already in May 2012. My main competence is the development and improvement of the “Real User Experience” solution.For me computer programming is not just work, but i like scripting and creating my own software also in my free time. Already as a child I was amazed by computers and their technology. So at the age of 12 I bought the book “C for dummies” and started learning programming on my own 🙂 Later on I discovered the open-source world and I started loving it from the first moment.In my free time I also like mountain biking, hiking, and of course playing the trombone in various music bands.

Author

Sandro Santinato

Hi, my name is Sandro and I am the youngest member of the Neteye team. I graduated in 2013 in Applied Computer Science at the Free University of Bolzano but I started working as software engineer at Würth-Phoenix already in May 2012. My main competence is the development and improvement of the “Real User Experience” solution.For me computer programming is not just work, but i like scripting and creating my own software also in my free time. Already as a child I was amazed by computers and their technology. So at the age of 12 I bought the book “C for dummies” and started learning programming on my own :-) Later on I discovered the open-source world and I started loving it from the first moment.In my free time I also like mountain biking, hiking, and of course playing the trombone in various music bands.

Latest posts by Sandro Santinato

15. 11. 2017 NetEye
Updated Package neteye-ocsng-2.1.2_neteye1.0.2-1 (for NetEye 3.11 + 3.10 + 3.9)
15. 11. 2017 NetEye
Updated Package neteye-ocsng-2.1.2_neteye1.0.2-1 (for NetEye 3.11 + 3.10 + 3.9)
15. 11. 2017 Downloads / Release Notes, NetEye
Updated Package neteye-ocsng-2.1.2_neteye1.0.2-1 (for NetEye 3.11 + 3.10 + 3.9)
15. 11. 2017 NetEye
Updated Package neteye-thruk-1.88.4_neteye1.4.21-1 (for NetEye 3.11)
15. 11. 2017 NetEye
Updated Package neteye-thruk-1.88.4_neteye1.4.21-1 (for NetEye 3.11)
See All

Related Content

Tags: , , , ,

08. 07. 2024 Unified Monitoring

Collecting Netflows – ntopng vs. ElastiFlow

In order to be able to carry out detailed network monitoring, an IT administrator naturally wants to know what is happening in his or her network. To obtain this information, the network flows must of course be analyzed. Many network Read More
10. 05. 2021 Log-SIEM, NetEye

Installing Elastiflow on NetEye SIEM

First of all, I'd like to explain in simple terms what Elastiflow is all about. ElastiFlow is a NetFlow analyzer that works with the Elastic Stack. The Elastiflow Analyzer can collect various network flows, such as netflow or sflow, and Read More
09. 03. 2020 Log-SIEM, NetEye

Store Years of NetFlow Historical Data with Elastic Rollup on NetEye 4.9

Keeping historical data around for analysis is extremely useful but often avoided due to the financial cost of archiving massive amounts of data. Retention periods are thus driven by financial realities rather than by the usefulness of extensive historical data. Read More
17. 10. 2019 ITOA, Log-SIEM, Machine Learning, NetEye

Experiences with Netflow and Machine Learning in Elastic

Some time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data. In my particular case, I Read More
26. 11. 2018 NetEye, Unified Monitoring

ntop Training

  Who is using your network and how? What kind of traffic does your company generate? Where does slow network performance come from? ntop has the answers. ntop is a network traffic probe that monitors network usage. This solution provides an intuitive, Read More

4 Replies to “Netflow Analysis With Improved Nfdump Version”

  1. LUCIANO MARTINS says:
    November 24, 2016 at 20:24

    Hello. I’m interested in this modified version of NFDUMP, because I need to know MAX and MIN of my flows.

    Could you help me? Is it possible to deliver this nfdump version?

    Regards,
    Luciano

    Reply
    1. Julia Helfer says:
      November 30, 2016 at 14:08

      Hi Luciano,
      we implemented this feature on request of one of our customers and made it available for download to all NetEye customers within the official NetEye repository.

      We modified the function PrintStatLine in the file nfstat.c in order to get the min and max values. To get the values we’ve added the values min_bps and max_bps

      Regards,
      Julia

      Reply
  2. faisal says:
    December 12, 2016 at 23:31

    hello
    could I have contact with Sandro for an important thing

    Reply
    1. Julia Helfer says:
      December 13, 2016 at 08:55

      Hi Faisal,

      sure, you can write an email to neteye@wuerth-phoenix.com
      It would be nice if you could share your request also here on our blog, in this way, other readers who maybe have similar questions can also read it.

      Regards,
      Julia

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive