Installing network flow software SiLK and YAF
I needed to pull some netflow data from capture traffic and I didn't see a package for SiLK.
In case you aren't sure what SiLK is:
The System for Internet Level Knowledge (SiLK) is an efficient network flow collection and storage infrastructure that will accept flow data from a variety of sensors. SiLK also provides a suite of efficient command-line tools for analysis.
You need YAF if you want to convert pcaps into flow binaries.
Yet Another Flow Sensor (YAF) processes packet data into bidirectional flow records that can be used as input to an IPFIX Collecting Process. YAF's output can be used with super_mediator, Pipeline 5, and the SiLK tools.
These tools follow the Unix standard of piping output through multiple, single-purpose tools to get what you need. In fact, it is practically mandatory.
I was able to get it installed in fits and starts, but found the howto on their website after the fact: https://tools.netsa.cert.org/conflue...ageId=23298051
I thought I'd post it here for anyone else who needs to look at flow data. It's great for doing quick network forensics and anomaly detection.
Silly question about these ... By anomaly detection ... Would I be able to get info as to why virtually every day my wifi cuts off between 6pm and 8pm and sometimes midnight? I've been trying to get all the data on this issue for some time. Any suggestions much appreciated.
Suggestions for Neuromancer
I'm fairly certain that this software would give much more data of the wrong type for resolving your issues. Based on the assumption that your wifi, or internet connection which your wifi connects to, is provided as a paid service from the phone, cable or satellite company:
Most of the residents in your area subscribe to either of these services and like many others choose to enjoy streaming video during dinner or perhaps are researching for their homework. In this case your best course of action is to call your internet service provider and request dedicated line access.
Does anyone else reside with you? Perhaps they are doing one of the above...
Finally, check your router security settings & logs to verify that only your devices are authorized to connect and are connecting. If you are feeling adventurous change your wifi password.