EHNT software converts Netflow (v5) data streams into human-readable format for easier analysis and interpretation.
One of the tool's component programs, 'ehntserv', listens for Netflow version 5 UDP packets as well as client TCP connections. When a TCP client connects to the server, the server forwards every Netflow packet it receives, along with the originating device's IP address, to that client. ehntserv does not include any IP access control, so any host that can reach its ports can receive the forwarded flow data. Users are encouraged to restrict access with ipchains or iptables on Linux boxes, or IP Filter (ipf) on Solaris or BSD boxes.
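Because ehntserv has no access control of its own, the packet filter has to provide it for both listeners. The following is an added example, not part of EHNT or its documentation: a shell function that prints iptables rules for review before they are applied. The port numbers, addresses and the chain name are placeholders, not EHNT defaults.

```shell
#!/bin/sh
# Added example: print iptables rules that limit who can reach ehntserv.
# Every value below is a placeholder (assumption), not an EHNT default.
# Set the ports to the ones ehntserv is actually started with.
NETFLOW_UDP_PORT="${NETFLOW_UDP_PORT:-9999}"    # placeholder: UDP port receiving Netflow v5
CLIENT_TCP_PORT="${CLIENT_TCP_PORT:-9998}"      # placeholder: TCP port ehnt clients connect to
EXPORTERS="${EXPORTERS:-192.0.2.1 192.0.2.2}"   # constructed: routers allowed to send flows
CLIENTS="${CLIENTS:-198.51.100.10}"             # constructed: hosts allowed to run ehnt

ehnt_fw_rules() {
    chain="EHNTSERV"    # hypothetical chain name
    echo "iptables -N $chain"
    # Flow records are accepted only from known exporters. UDP sources can be
    # spoofed, so this narrows exposure rather than authenticating the sender.
    for src in $EXPORTERS; do
        echo "iptables -A $chain -p udp -s $src --dport $NETFLOW_UDP_PORT -j ACCEPT"
    done
    # Every connected TCP client receives all flow data, so list analysts only.
    for src in $CLIENTS; do
        echo "iptables -A $chain -p tcp -s $src --dport $CLIENT_TCP_PORT -j ACCEPT"
    done
    # Anything else aimed at the two ehntserv ports is dropped.
    echo "iptables -A $chain -j DROP"
    # Steer traffic into the chain last, once the chain is complete.
    echo "iptables -I INPUT -p udp --dport $NETFLOW_UDP_PORT -j $chain"
    echo "iptables -I INPUT -p tcp --dport $CLIENT_TCP_PORT -j $chain"
}
```

Review the printed rules, then apply them as root with `ehnt_fw_rules | sh`. A client on the same host needs 127.0.0.1 in CLIENTS if it connects over TCP.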
The 'ehnt' tool connects to ehntserv and displays the flows it receives in one of four modes: top, dump, shortdump, and colondump. Top mode displays average utilization by top ASes, IP protocols, or TCP/UDP ports over a specified time interval. Dump mode displays individual flows, whereas shortdump mode displays individual flows in a more condensed but less readable format. Colondump mode displays individual flows in a machine-readable format.
Users can filter data within all three modes by AS number, TCP/UDP port, IP protocol number, device sending the flow record, or SNMP interface index. In the three dump modes, EHNT can be thought of as a brain-dead, straightforward tcpdump for Netflow. EHNT also offers the 'big' filter, which displays only flows that are bigger in packets or bytes than any flow received before them; this only makes sense in the three dump modes.
New in this release: Unix domain socket support for client connections, which is enabled by default.
Version 0.4: N/A