Software kit for capturing and analyzing netflow data.
The nfdump tools provide command-line collection and processing of netflow data. Nfdump is distributed under the BSD License, meaning that it is open-source and free to use. One of the tools in the suite is nfcapd, a netflow capture daemon that reads netflow data from the network and stores it in files. It automatically rotates files every n minutes, typically every five minutes, and can read netflow v5, v7, and v9 flows transparently. You need one nfcapd process for each netflow stream.
Another tool is nfdump, a netflow dump utility that reads the netflow data from the files stored by nfcapd. Its syntax is similar to that of tcpdump, so if you've used tcpdump before, nfdump will feel familiar. The utility displays netflow data and can create many top N statistics of flows, IP addresses, ports, etc., ordered as the user chooses.
Nfprofile is another powerful tool in the bundle that reads the netflow data from the files stored by nfcapd, filters the data according to the specified filter sets (profiles), and stores the filtered data into files for later use. Another impressive tool is nfreplay, which reads the netflow data from the files stored by nfcapd and sends it over the network to another host.
Nfclean.pl is also included; it is a sample script to help users clean up old data, and it can be run every hour or so. Finally, ft2nfdump is a utility that reads flow-tools data from files or from stdin in a chain of flow-tools commands and converts the data into nfdump format, making it easier to process.
In conclusion, Nfdump is a must-have software suite for network administrators who need to look in depth at their network's data. Its flexible filtering capabilities and support for IPv6 make it stand out as robust and reliable software. Give it a try today and see how it can benefit you!
Version 1.5.8: N/A