EHNT 0.4
Sponsored Links
EHNT 0.4 Ranking & Summary
File size:
2.3 MB
Platform:
Any Platform
License:
GPL (GNU General Public License)
Price:
Downloads:
1210
Date added:
2006-07-03
Publisher:
Nik Weidenbacher
EHNT 0.4 description
EHNT is a tool which turns streams of Netflow (version 5) data into something useful and human-readable. (Netflow is a UDP-based traffic reporting protocol created by Cisco, generated by Cisco, Juniper, Foundry, and other routers.)
Netflow operates in many ways. It will dump flow records in human-readable form. It will also provide reports on top ASes, IP protocols, and tcp/udp ports. The reports can be generated over various intervals, from 1 minute to 1 day.
Component programs are:
1. ehntserv listens to netflow version 5 UDP packets, and also listens for client TCP connections. When a TCP client connects, the server starts forwarding all the netflow packets it receives (plus the IP address of the originating device) to that client.
ehntserv does not currently do any IP access control. I suggest that you use ipchains or iptables on your linux box, or IP Filter (ipf) (http://coombs.anu.edu.au/ipfilter/) on your Solaris or BSD box. I dont know what the current state of packet filtering is on other Unixes; IP Filter seems to support several.
2. ehnt connects to ehntserv and displays the flows it receives in various ways. It currently has four modes (-m ):
- top mode displays average utilization by top ASes, IP protocols, or tcp/udp ports over a given interval (from 1 minute to 1 day).
Top mode is different when it focuses on a single interface on a single router, because then you get to see summaries of source and destionation for both inbound and outbound traffic. Otherwise, you just get summaries of source and destination.
- dump mode displays individual flows
- shortdump mode display individual flows in a more compact but hard
to read fashion
- colondump mode display individual flows in a machine-readable format.
And yes, I recognize that the name of this mode is unpleasant.
In all three modes, simple (REALLY simple) filtering can be done for AS
number, TCP/UDP port, IP protocol number, device sending the flow record,
and SNMP interface index.
You may think of ehnt in the three dump modes as a brain-dead and incredibly
simple tcpdump for netflow.
ehnt also has the silly and uninspiredly-named big filter, in which it
only displays flows with are bigger (in packets or bytes) than any flow
received before it. This only makes sense in the three dump modes.
Enhancements:
- Added Unix domain support for client connections, enabled by default
Netflow operates in many ways. It will dump flow records in human-readable form. It will also provide reports on top ASes, IP protocols, and tcp/udp ports. The reports can be generated over various intervals, from 1 minute to 1 day.
Component programs are:
1. ehntserv listens to netflow version 5 UDP packets, and also listens for client TCP connections. When a TCP client connects, the server starts forwarding all the netflow packets it receives (plus the IP address of the originating device) to that client.
ehntserv does not currently do any IP access control. I suggest that you use ipchains or iptables on your linux box, or IP Filter (ipf) (http://coombs.anu.edu.au/ipfilter/) on your Solaris or BSD box. I dont know what the current state of packet filtering is on other Unixes; IP Filter seems to support several.
2. ehnt connects to ehntserv and displays the flows it receives in various ways. It currently has four modes (-m ):
- top mode displays average utilization by top ASes, IP protocols, or tcp/udp ports over a given interval (from 1 minute to 1 day).
Top mode is different when it focuses on a single interface on a single router, because then you get to see summaries of source and destionation for both inbound and outbound traffic. Otherwise, you just get summaries of source and destination.
- dump mode displays individual flows
- shortdump mode display individual flows in a more compact but hard
to read fashion
- colondump mode display individual flows in a machine-readable format.
And yes, I recognize that the name of this mode is unpleasant.
In all three modes, simple (REALLY simple) filtering can be done for AS
number, TCP/UDP port, IP protocol number, device sending the flow record,
and SNMP interface index.
You may think of ehnt in the three dump modes as a brain-dead and incredibly
simple tcpdump for netflow.
ehnt also has the silly and uninspiredly-named big filter, in which it
only displays flows with are bigger (in packets or bytes) than any flow
received before it. This only makes sense in the three dump modes.
Enhancements:
- Added Unix domain support for client connections, enabled by default
EHNT 0.4 Screenshot
EHNT 0.4 Keywords
EHNT
IP
EHNT 0.4
TCP
UDP
Version 5
into something
NetFlow
mode
Human-readable
5
streams
tool
EHNT 0.4
Networking
System
Bookmark EHNT 0.4
EHNT 0.4 Copyright
WareSeeker periodically updates pricing and software information of EHNT 0.4 full version from the publisher, so some information may be slightly out-of-date. You should confirm all information before relying on it. Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future development of EHNT 0.4 Edition. Download links are directly from our publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
Featured Software
Want to place your software product here?
Please contact us for consideration.
Contact WareSeeker.com
Related Information
Related Software
ENet is an easy to use, portable UDP networking library. Free Download
GNet is a network library. Free Download
fprobe is a small NetFlow probe which will listen on a network interface. Free Download
vdr_remote is a graphical remote control for the video disk recorder vdr Free Download
packETH is a Linux GUI packet generator tool for ethernet. Free Download
NARC is a free firewalling package for Netfilter/Iptables. Free Download
IPChains is a Perl module to create and manipulate ipchains via Perl. Free Download
Eiffel INET provides an Eiffel classes for writing IPV4 (TCP/UDP) servers and clients. Free Download
Latest Software
Popular Software
Favourite Software
