Installing network flow software SiLK and YAF
I needed to pull some netflow data from capture traffic and I didn't see a package for SiLK.
In case you aren't sure what silk is:
The System for Internet Level Knowledge (SiLK) is an efficient network flow collection and storage infrastructure that will accept flow data from a variety of sensors. SiLK also provides a suite of efficient command-line tools for analysis.
You need YAF if you want to convert pcaps into flow binaries.
Yet Another Flow Sensor (YAF) processes packet data into bidirectional flow records that can be used as input to an IPFIX Collecting Process. YAF's output can be used with super_mediator, Pipeline 5, and the SiLK tools.
These tools follow the Unix standard of piping output through multiple, single-purpose tools to get what you need. In fact, it is practically mandatory.
I was able to get it installed in fits and starts, but found the howto on their website after the fact: https://tools.netsa.cert.org/conflue...ageId=23298051
I thought I'd post it here for anyone else who needs to look at flow data. It's great for doing quick network forensics and anomaly detection.
Silly question about these ... By anomaly detection ... Would I be able to get info as to why virtually every day my wifi cuts off between 6Pm and 8pm and sometimes midnight? I've been trying to get all the data on this issue for some time . Any suggestions much appreciated
Tags for this Thread