If one does not wanna use netflow, but ipaccounting, then this is a also a nice solution... http://ipacco.sourceforge.net/index.php
tom from munich/germany -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Randy Bush Gesendet: Montag, 6. Februar 2006 09:25 An: [EMAIL PROTECTED] Betreff: Re: flow -> web folk have asked me to summarize. so here it goes "Justin M. Streiner" <[EMAIL PROTECTED]> and Nicolas Strina <[EMAIL PROTECTED]> recommended the nfdump nfsen pair, http://nfsen.sourceforge.net http://nfdump.sourceforge.net Chris Kuethe <[EMAIL PROTECTED]> and Peter Wohlers <[EMAIL PROTECTED]> recommended ntop http://www.ntop.org/ Peter Wohlers <[EMAIL PROTECTED]> also recommended Stager http://software.uninett.no/stager/?page=docs Steven Rakick <[EMAIL PROTECTED]> recommended nSight http://www.obtuse.net/software/nsight Tony Hacche <[EMAIL PROTECTED]> recommended Crannog's NetFlow Tracker http://www.crannog-software.com/index.php?go=Product.ShowDetail&ProductID=1 Jared Mauch <[EMAIL PROTECTED]> has a tool to detect and highlight ddos symptoms, but it does not have per-protocol sexy graphs. looks very useful for ddos detection, though --- i am currently playing with nfsdump/nfsen randy
