FIRST - Improving Security Together 18th Annual FIRST Conference - June 2006 - Baltimore, Maryland

Netflow Tools NfSen and NFDUMP








Technical Track

Wednesday – June 28th, 16:30

For network security teams of any size, an accurate analysis of the traffic situation is essential. The well-known traffic graphs do not give enough information, especially when investigating security-related incidents. Working with netflow data turned out to be a good balance between the effort of collecting and processing the data and the information gained from it.

A lot of tools to collect netflow data are available, but the flexibility to process the flows was either poor or came only with expensive commercial systems. The open source tools nfdump and NfSen close this gap. They provide a flexible and powerful system to collect and process netflow data for a great variety of tasks.

The presentation starts with a short introduction to netflow and explains how nfdump and NfSen can be used to look at your network traffic, to easily create top-N statistics of the hosts and networks demanding the most bandwidth, and to detect host and port scans. It shows how a security incident can be tracked and profiled. Last but not least, it gives an overview of how to extend NfSen with custom plugins for tasks specific to your network.
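The two analyses named above, top-N talkers by bytes and a simple port-scan footprint (one source, many tiny flows to many destination ports), worked through on flow records, as an added example that is not part of the presentation or of nfdump/NfSen. The CSV layout and the flow records are constructed for this example and are not nfdump's own output format.

```python
# Added example, not code from the presentation. Input is a constructed,
# simplified CSV (ts, proto, srcip, srcport, dstip, dstport, packets,
# bytes), not nfdump's real "-o csv" layout, which has more columns.
import csv
from collections import Counter, defaultdict
from io import StringIO

# Constructed sample flows, not captured data.
SAMPLE_FLOWS = """\
ts,proto,srcip,srcport,dstip,dstport,packets,bytes
2006-06-28 16:30:01,TCP,10.0.0.5,51000,192.0.2.10,80,120,90000
2006-06-28 16:30:02,TCP,10.0.0.5,51001,192.0.2.10,443,300,410000
2006-06-28 16:30:02,UDP,10.0.0.7,5353,224.0.0.251,5353,4,600
2006-06-28 16:30:03,TCP,198.51.100.9,40001,10.0.0.5,22,1,60
2006-06-28 16:30:03,TCP,198.51.100.9,40002,10.0.0.5,23,1,60
2006-06-28 16:30:03,TCP,198.51.100.9,40003,10.0.0.5,25,1,60
2006-06-28 16:30:04,TCP,198.51.100.9,40004,10.0.0.5,80,1,60
2006-06-28 16:30:04,TCP,198.51.100.9,40005,10.0.0.5,139,1,60
2006-06-28 16:30:05,TCP,198.51.100.9,40006,10.0.0.5,445,1,60
2006-06-28 16:30:06,TCP,10.0.0.8,52000,192.0.2.20,25,40,12000
"""

def parse_flows(text):
    """Parse CSV text into a list of dicts with numeric packets/bytes."""
    rows = list(csv.DictReader(StringIO(text)))
    for r in rows:
        r["packets"] = int(r["packets"])
        r["bytes"] = int(r["bytes"])
    return rows

def top_n(flows, key="srcip", metric="bytes", n=5):
    """Top-N values of `key` by summed `metric`, the top-N statistic
    the abstract describes (hosts demanding the most bandwidth)."""
    totals = Counter()
    for f in flows:
        totals[f[key]] += f[metric]
    return totals.most_common(n)

def scan_candidates(flows, min_targets=5, max_pkts=2):
    """Sources that reached many distinct (dstip, dstport) pairs with
    tiny flows: the usual footprint of a port or host scan in flow data."""
    targets = defaultdict(set)
    for f in flows:
        if f["packets"] <= max_pkts:
            targets[f["srcip"]].add((f["dstip"], f["dstport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print(top_n(flows), scan_candidates(flows))
```

The thresholds (`min_targets`, `max_pkts`) are assumed values for this sample; on real data they are tuned per network to keep legitimate chatty hosts, such as the multicast DNS source above, out of the result.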

Authors & presenters

  • Peter Haag, Presenter (SWITCH-CERT – The Swiss Education and Research Network, CH)