Free netflow collector 1.0 software for linux

DB based NetFLow Collector aims to collect Cisco NetFlow data and store it to a database.
DB based NetFlow Collector has a plugin interface, which makes it flexible for fitting in particular tasks.
Enhancements:
- First release. post your comments/bug reports.

libGarbageCollector is an incremental garbage collector with a tri-color, Baker treadmill, write-barrier implementation.

libGarbageCollector is built from the garbage collector code used in the Io programming language project.

Open Media Collectors Database project (OpenDb) is a PHP and MySQL based inventory application that allows you to easily catalog and lend media-related items, including DVD, VCD, CD, VHS, games, books, and laser discs.
There are also quite a few Contributed item types available, and if thats not enough you can define your own.
OpenDb is GPL licenced and built on PHP and MySQL. Anything that you can collect and lend, you can catalog with this system. OpenDb allows you to add new types, by describing them in system database tables designed for the purpose.
It includes workflow mechanism for lending, possibility to use different themes and/or creating themes, retrieving data from Amazon, imdb & others, plugins, language packs, etc.
Main features:
- Catalogue all sorts of things including DVD, (S)VCD, DivX, CD, VHS, Games, Books and Laser Discs
- Lending workflow
- Flexible add of new types
- Themes
- Supports metadata from Amazon, imdb, etc.
- Plugins
- Language Packs

FlowScan is a network analysis and reporting tool.[ COPYRIGHT=1]
Enhancements:
- The CampusIO and SubNetIO reports were enhanced with a new optional configuration directive: TopN. When defined, this directive causes ``Top Talker reports to be produced. These HTML reports contain the most active (i.e. ``top) source and destination addresses.
- The CampusIO and SubNetIO reports were enhanced to record the number of local IP addresses that where active for each network and subnet into the RRD files. This enables users to estimate the number of active hosts hosts over time, detect ``scans which systematically sweep across network address space, and to calculate the average bytes, packets, and flows per host.
- The template Makefile used to produce the graphs was enhanced to allow the inclusion of ``events in the graphs, similarly to what can be done with Cricket. This allows you to label events such as configuration changes and outages to discover correlations with traffic measurement.
- Two new utilities suitable for stand-alone use, are included. ip2hostname converts IP addresses to their respective hostnames. event2vrule adds ``events to rrdtool graphs.
- Added support for LFAP (Lightweight Flow Accouting Protocol) used by Riverstone and Enterasys (formerly Cabletron) routers. This currently requires slate (from http://www.nmops.org) and lfapd by Steven Premeau . lfapd produces time-stamped raw flow files in the same cflowd-defined format that is processed by FlowScan.
- Added the ability for the CampusIO report to identify outbound flows based solely on the flows destination IP address. While this is less trustworthy than using NextHops or OutputIfIndexes, it is now the default and will be useful for environments where the flow nexthop or output ifIndex values are not meaningful.
- The CampusIO report contains a new experimental feature which reads a BGP routing table, and therefore can determine which Autonomous systems source, transit, or sink most of your institutions traffic. The CampusIO report was enhanced with new optional configuration directives: BGPDumpFile, TopN, ReportPrefixFormat. When properly defined, these directives cause CampusIO to create tabular HTML reports named {origin|path}_{in|out}.html under OutputDir after analyzing each raw flow file. These reports show the ``top Autonomous Systems with which your site exchanges traffic.
- A WebProxyIfIndex directive was added to the CampusIO report. This allows one to specify the index of the interface to which HTTP traffic is being transparently redirected. This enables FlowScan to properly count HTTP flows even though NetFlow v5 does not accurately report the nexthop value for flows which are transparently redirected via a Cisco route-map.
- CampusIO now contains a fix for a bug introduced in FlowScan-1.005 which would sometimes cause perl to abort with this message: patricia.c:645: patricia_lookup: Assertion `prefix failed.

bbnfc is useful for debugging netflow exports as produced by Cisco, Juniper, etc. routers. This simple program sits on a user-specified UDP port and displays to stdout all netflow exports that are sent to the machine. Complete program is 300 lines long (C source).

The source should compile under most flavours of UNIX, with little or no modification.
Note: Some web browsers will tend to display .tgz archives on the screen rather than saving them to a file. You may need to hold down the shift key when selecting the link below (or possibly some other brain-dead combination).


In this archive you will see the following files:
readme.bbnfc - This readme file
bbnfc.c - Source code for bbnfc
netflow.h - Header file
bbnfc - Pre-compiled binary for Linux (Intel)

To compile from source the following (or some variation thereof) should work:
gcc -o bbnfc bbnfc.c

Basic usage instructions can be obtained with
./bbnfc -h

System Configuration Collector Server generates summaries of scc-data sent by clients. System Configuration Collector Server offers a Web interface that supports searching the snapshots and the logbooks of the systems. It also supports comparing (parts of) the snapshots of systems.
Enhancements:
- This release uses CSS directives to indicate different colors when comparing data from systems.
- It handles the case of an empty log.html when sort is implemented by busybox.
- stdout and stderr are recorded from client runs in the log file when started by scc-pull.
- A puppylinux package has been added.
- style.css has been updated to show variable data in scc snapshots.

cflowd is a flow analysis tool currently used for analyzing Ciscos NetFlow enabled switching method.

The current release (described below) includes the collections, storage, and basic analysis modules for cflowd and for arts++ libraries. This analysis package permits data collection and analysis by ISPs and network engineers in support of capacity planning, trends analysis, and characterization of workloads in a network service provider environment. Other areas where cflowd may prove useful are: tracking for Web hosting, accounting and billing, network planning and analysis, network monitoring, developing user profiles, data warehousing and mining, as well as security-related investigations.


cflowd is no longer supported by CAIDA. Instead, please consider the use of flow-tools, which will provide a toolset for working with NetFlow data. flow-tools can also be used (like cflowd) in conjunction with FlowScan, maintained by Dave Plonka at the University of Wisconsin, Madison.

flow-tools is a set of programs for processing and managing NetFlow exports from Cisco and Juniper routers. The tools included are: flow-capture, flow-cat, flow-dscan, flow-expire, flow-export, flow-fanout, flow-filter, flow-gen, flow-header, flow-import, flow-mask, flow-merge, flow-nfilter, flow-print, flow-receive, flow-report, flow-send, flow-split, flow-stat, flow-tag, and flow-xlate.

Flow data is collected and stored by default in host byte ordera nd the files are portable across every endian architectures.

Commands that utilize the network use a localip/remoteip/port designation for communication. "localip" is the IP address the host will use as a source for sending or bind to when receiving NetFlow PDUs (ie the destination address of the exporter. Configuring the "localip" to 0 will force the kernel to decide what IP address to use for sending and listen on all IP addresses for receiving. "remoteip" is the destination IP address used for sending or the expected address of the source when receiving. If the "remoteip" is 0 then the application will accept flows from any source address. The "port" is the UDP port number used for sending or receiving. When using multicast addresses the localip/remoteip/port is used to represent the source, group, and port respectively.

Flows are exported from a router in a number of different configurable versions. A flow is a collection of key fields and additional data. The flow key is {srcaddr, dstaddr, input, output, srcport, dstport, prot, ToS}. Flow-tools supports one export version per file.

Export versions 1, 5, 6, and 7 all maintain {nexthop, dPkts, dOctets, First, Last, flags}, ie the next-hop IP address, number of packets, number of octets (bytes), start time, end time, and flags such as the TCP header bits. Version 5 adds the additional fields {src_as, dst_as, src_mask, dst_mask}, ie source AS, destination AS, source network mask, and destination network mask. Version 7 which is specific to the Catalyst switches adds in addition to the version 5 fields {router_sc}, which is the Router IP address which populates the flow cache shortcut in the Supervisor. Version 6 which is not officially supported by Cisco adds in addition to the version 5 fields {in_encaps, out_encaps, peer_nexthop}, ie the input and output interface encapsulation size, and the IP address of the next hop within the peer. Version 1 exports do not contain a sequence number and therefore should be avoided, although it is safe to store the data as version 1 if the additional fields are not used.

Version 8 IOS NetFlow is a second level flow cache that reduces the data exported from the router. There are currently 11 formats, all of which provide {dFlows, dOctets, dPkts, First, Last} for the key fields.

8.1 - Source and Destination AS, Input and Output interface
8.2 - Protocol and Port
8.3 - Source Prefix and Input interface
8.4 - Destination Prefix and Output interface
8.5 - Source/Destination Prefix and Input/Output interface
8.9 - 8.1 + ToS
8.10 - 8.2 + ToS
8.11 - 8.3 + ToS
8.12 - 8.5 + ToS
8.13 - 8.2 + ToS
8.14 - 8.3 + ports + ToS

Version 8 CatIOS NetFlow appears to be a less fine grained first level flow cache.

8.6 - Destination IP, ToS, Marked ToS,
8.7 - Source/Destination IP, Input/Output interface, ToS, Marked ToS,
8.8 - Source/Destination IP, Source/Destination Port,
Input/Output interface, ToS, Marked ToS,

The following programs are included in the flow-tools distribution.

flow-capture - Collect, compress, store, and manage disk space for exported flows from a router.
flow-cat - Concatenate flow files. Typically flow files will contain a small window of 5 or 15 minutes of exports. Flow-cat can be used to append files for generating reports that span longer time periods.
flow-fanout - Replicate NetFlow datagrams to unicast or multicast destinations. Flow-fanout is used to facilitate multiple collectors attached to a single router.
flow-report - Generate reports for NetFlow data sets. Reports include source/destination IP pairs, source/destination AS, and top talkers. Over 50 reports are currently supported.
flow-tag - Tag flows based on IP address or AS #. Flow-tag is used to group flows by customer network. The tags can later be used with flow-fanout or flow-report to generate customer based traffic reports.
flow-filter - Filter flows based on any of the export fields. Flow-filter is used in-line with other programs to generate reports based on flows matching filter expressions.
flow-import - Import data from ASCII or cflowd format.
flow-export - Export data to ASCII or cflowd format.
flow-send - Send data over the network using the NetFlow protocol.
flow-receive - Receive exports using the NetFlow protocol without storing to disk like flow-capture.
flow-gen - Generate test data.
flow-dscan - Simple tool for detecting some types of network scanning and Denial of Service attacks.
flow-merge - Merge flow files in chronoligical order.
flow-xlate - Perform translations on some flow fields.
flow-expire - Expire flows using the same policy of flow-capture.
flow-header - Display meta information in flow file.
flow-split - Split flow files into smaller files based on size, time, or tags.