
Thread: Installing network flow software SiLK and YAF

  1. #1
    Junior Member
    Join Date
    Jul 2016
    Posts
    7

    Installing network flow software SiLK and YAF

    I needed to pull some netflow data from captured traffic and I didn't see a package for SiLK.
    In case you aren't sure what SiLK is:
    The System for Internet Level Knowledge (SiLK) is an efficient network flow collection and storage infrastructure that will accept flow data from a variety of sensors. SiLK also provides a suite of efficient command-line tools for analysis.

    You need YAF if you want to convert pcaps into flow binaries.
    Yet Another Flow Sensor (YAF) processes packet data into bidirectional flow records that can be used as input to an IPFIX Collecting Process. YAF's output can be used with super_mediator, Pipeline 5, and the SiLK tools.

    These tools follow the Unix standard of piping output through multiple, single-purpose tools to get what you need. In fact, it is practically mandatory.

    I was able to get it installed in fits and starts, but found the howto on their website after the fact: https://tools.netsa.cert.org/conflue...ageId=23298051

    I thought I'd post it here for anyone else who needs to look at flow data. It's great for doing quick network forensics and anomaly detection.

    Thanks!
    AP

  2. #2
    Junior Member
    Join Date
    Dec 2016
    Posts
    1
    Silly question about these... By anomaly detection... would I be able to get info as to why virtually every day my wifi cuts off between 6pm and 8pm and sometimes midnight? I've been trying to get all the data on this issue for some time. Any suggestions much appreciated.
