client

install

apt-get install fprobe

first test

fprobe -i eth0 192.168.244.152:23456

• /etc/default/fprobe

server

nfdump

install

apt-get install nfdump
mkdir /var/netflow
nfcapd -w -D -p 23456 -B 200000 -S 1 -z -I Linux-Host-1-eth0 -l /var/netflow/

nfsen

install needed packets

apt-get install apache2 libapache2-mod-php5 php5-common libmailtools-perl rrdtool librrds-perl

install nfsen source packets

cd /usr/src/
wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz
cd nfsen-1.3.6p1

perl -MCPAN -e 'install Socket6'

cp etc/nfsen-dist.conf /etc/nfsen.conf

change this

$HTMLDIR     = "/var/www/html/nfsen/";
$PREFIX      = '/usr/bin'
$USER        = "www-data";
$WWWUSER     = "www-data";
$WWWGROUP    = "www-data";
%sources     = (
   'huey'    => { 'port' => '23456', 'col' => '#0000ff', 'type' => 'netflow' },
);
$MAIL_FROM   = 'technik@xinux.de';
$SMTP_SERVER = 'baltar.tuxmen.de';

Links

• http://meetings.ripe.net/ripe-50/presentations/ripe50-plenary-tue-nfsen-nfdump.pdf
• http://www.hurlster.com/wiki/index.php/Netflow
• https://www.youtube.com/watch?v=oipMSiBWB08
• http://www.hurlster.com/wiki/index.php/Netflow