Free netflow port software for linux

DB based NetFLow Collector aims to collect Cisco NetFlow data and store it to a database.
DB based NetFlow Collector has a plugin interface, which makes it flexible for fitting in particular tasks.
Enhancements:
- First release. post your comments/bug reports.

cflowd is a flow analysis tool currently used for analyzing Ciscos NetFlow enabled switching method.

The current release (described below) includes the collections, storage, and basic analysis modules for cflowd and for arts++ libraries. This analysis package permits data collection and analysis by ISPs and network engineers in support of capacity planning, trends analysis, and characterization of workloads in a network service provider environment. Other areas where cflowd may prove useful are: tracking for Web hosting, accounting and billing, network planning and analysis, network monitoring, developing user profiles, data warehousing and mining, as well as security-related investigations.


cflowd is no longer supported by CAIDA. Instead, please consider the use of flow-tools, which will provide a toolset for working with NetFlow data. flow-tools can also be used (like cflowd) in conjunction with FlowScan, maintained by Dave Plonka at the University of Wisconsin, Madison.

dnsreflector daemon listens for DNS queries on a local UDP port and answers with records pointing back to localhost. Combined with OpenBSDs packet filter pf(4) this works as a bandwidth efficient spamtrap.

dnsreflector was written and tested with OpenBSD. If you are interested in running dnsreflector on another platform, please contact me .

PF Setup

table < spamd > persist
rdr inet proto udp from < spamd > to any port 53 -> 127.0.0.1 port 53000

Usage

dnsreflector [-d] [-a address] [-p port]

-d Run as daemon in the background
-a address Bind to this address (default: 127.0.0.1)
-p port Bind to this port (default: 53000)

Linux: On popular demand I made a diff to compile dnsreflector with Linux (tested on SuSE). You will need a facility to redirect DNS queries coming from blacklisted hosts to dnsreflector. I dont know how to do this with Linux netfilter, but if you do, please tell me.

C-Dogs SDL is a port of the old DOS arcade game C-Dogs to modern operating systems utilising the SDL Media Libraries. In theory C-Dogs SDL should be able to run on Windows, MacOS X, BeOS and the other systems supported by SDL.

Genererally, the more UNIX like a system is, the greater the chance of C-Dogs working (MacOS X and BeOS people, I mean you guys).

C-Dogs SDL was ported to SDL by Jeremy Chin and Lucas Martin-King, using Gentoo Linux as their development environment.

C-Dogs is an arcade shoot-em-up which lets players work alone and co-operativly during missions, and against each other in the "dogfight" deathmatch mode. The DOS version of C-Dogs came with several built in missions and dogfight maps, this version is no exception.

The author of the DOS version of C-Dogs was Ronny Wester. See the "official" homepage for more details. We would like to thank him for releasing the C-Dogs sources to the public.

flow-tools is a set of programs for processing and managing NetFlow exports from Cisco and Juniper routers. The tools included are: flow-capture, flow-cat, flow-dscan, flow-expire, flow-export, flow-fanout, flow-filter, flow-gen, flow-header, flow-import, flow-mask, flow-merge, flow-nfilter, flow-print, flow-receive, flow-report, flow-send, flow-split, flow-stat, flow-tag, and flow-xlate.

Flow data is collected and stored by default in host byte ordera nd the files are portable across every endian architectures.

Commands that utilize the network use a localip/remoteip/port designation for communication. "localip" is the IP address the host will use as a source for sending or bind to when receiving NetFlow PDUs (ie the destination address of the exporter. Configuring the "localip" to 0 will force the kernel to decide what IP address to use for sending and listen on all IP addresses for receiving. "remoteip" is the destination IP address used for sending or the expected address of the source when receiving. If the "remoteip" is 0 then the application will accept flows from any source address. The "port" is the UDP port number used for sending or receiving. When using multicast addresses the localip/remoteip/port is used to represent the source, group, and port respectively.

Flows are exported from a router in a number of different configurable versions. A flow is a collection of key fields and additional data. The flow key is {srcaddr, dstaddr, input, output, srcport, dstport, prot, ToS}. Flow-tools supports one export version per file.

Export versions 1, 5, 6, and 7 all maintain {nexthop, dPkts, dOctets, First, Last, flags}, ie the next-hop IP address, number of packets, number of octets (bytes), start time, end time, and flags such as the TCP header bits. Version 5 adds the additional fields {src_as, dst_as, src_mask, dst_mask}, ie source AS, destination AS, source network mask, and destination network mask. Version 7 which is specific to the Catalyst switches adds in addition to the version 5 fields {router_sc}, which is the Router IP address which populates the flow cache shortcut in the Supervisor. Version 6 which is not officially supported by Cisco adds in addition to the version 5 fields {in_encaps, out_encaps, peer_nexthop}, ie the input and output interface encapsulation size, and the IP address of the next hop within the peer. Version 1 exports do not contain a sequence number and therefore should be avoided, although it is safe to store the data as version 1 if the additional fields are not used.

Version 8 IOS NetFlow is a second level flow cache that reduces the data exported from the router. There are currently 11 formats, all of which provide {dFlows, dOctets, dPkts, First, Last} for the key fields.

8.1 - Source and Destination AS, Input and Output interface
8.2 - Protocol and Port
8.3 - Source Prefix and Input interface
8.4 - Destination Prefix and Output interface
8.5 - Source/Destination Prefix and Input/Output interface
8.9 - 8.1 + ToS
8.10 - 8.2 + ToS
8.11 - 8.3 + ToS
8.12 - 8.5 + ToS
8.13 - 8.2 + ToS
8.14 - 8.3 + ports + ToS

Version 8 CatIOS NetFlow appears to be a less fine grained first level flow cache.

8.6 - Destination IP, ToS, Marked ToS,
8.7 - Source/Destination IP, Input/Output interface, ToS, Marked ToS,
8.8 - Source/Destination IP, Source/Destination Port,
Input/Output interface, ToS, Marked ToS,

The following programs are included in the flow-tools distribution.

flow-capture - Collect, compress, store, and manage disk space for exported flows from a router.
flow-cat - Concatenate flow files. Typically flow files will contain a small window of 5 or 15 minutes of exports. Flow-cat can be used to append files for generating reports that span longer time periods.
flow-fanout - Replicate NetFlow datagrams to unicast or multicast destinations. Flow-fanout is used to facilitate multiple collectors attached to a single router.
flow-report - Generate reports for NetFlow data sets. Reports include source/destination IP pairs, source/destination AS, and top talkers. Over 50 reports are currently supported.
flow-tag - Tag flows based on IP address or AS #. Flow-tag is used to group flows by customer network. The tags can later be used with flow-fanout or flow-report to generate customer based traffic reports.
flow-filter - Filter flows based on any of the export fields. Flow-filter is used in-line with other programs to generate reports based on flows matching filter expressions.
flow-import - Import data from ASCII or cflowd format.
flow-export - Export data to ASCII or cflowd format.
flow-send - Send data over the network using the NetFlow protocol.
flow-receive - Receive exports using the NetFlow protocol without storing to disk like flow-capture.
flow-gen - Generate test data.
flow-dscan - Simple tool for detecting some types of network scanning and Denial of Service attacks.
flow-merge - Merge flow files in chronoligical order.
flow-xlate - Perform translations on some flow fields.
flow-expire - Expire flows using the same policy of flow-capture.
flow-header - Display meta information in flow file.
flow-split - Split flow files into smaller files based on size, time, or tags.

TCP port scanner is a network scanner for Linux.

Installation:

1. Install - become root and gunzip/tar tcpscan-X-Y-Z.tar.gz.
2. Type ./confugure , make
3. Type install
4. Enjoy and try type tcpscan localhost
5. To get help - run tcpscan without parametres.

Usage:

tcpscan [-f] [hostname || IP_address]
tcpscan [-f] [first_IP_address] [last_IP_address]

Just Another Port Scanner (JAPS) is an easy to use, bare-bones TCP port scanner. JAPS requires the GTK+ library to run. I created JAPS because I felt it would be a fun project and I wanted to learn GTK+ programming basics.

To compile an install JAPS just type make.

Todo
Add subnet scanning
Add progress bar
Display service name next to port number in results box
If you have any suggestions please contact me. 1

OSSP flow2rrd is a companion tool to the Flow-Tools toolkit for storing NetFlow network traffic data in an accumulating fixed-size RRDTool Round-Robin-Database (RRD) for visualization purposes.
This file is piece of OSSP flow2rrd, a tool for storing NetFlow data into an RRD which can be found at http://www.ossp.org/pkg/tool/flow2rrd/.
Enhancements:
- Created the initial version of OSSP flow2rrd.