Set up netflow at your network borders.
Send to a collector and dump 30s windows in raw v5 netflow to a file.
Dump from raw v5 to a text parsable format.
Every 2 minutes or so, use a cron to merge all flow data.
account for:
netflor variations
origin AS
watch pps rates
watch DST port to detect DDOS attacks
graph pps&bps by proto and pps by port
Tuesday, March 18, 2008
Subscribe to:
Posts (Atom)
