Results 1 to 3 of 3

Thread: Installing network flow software SiLK and YAF

  1. #1
    Junior Member
    Join Date
    Jul 2016
    Posts
    7

    Lightbulb Installing network flow software SiLK and YAF

    I needed to pull some netflow data from capture traffic and I didn't see a package for SiLK.
    In case you aren't sure what silk is:
    The System for Internet Level Knowledge (SiLK) is an efficient network flow collection and storage infrastructure that will accept flow data from a variety of sensors. SiLK also provides a suite of efficient command-line tools for analysis.

    You need YAF if you want to convert pcaps into flow binaries.
    Yet Another Flow Sensor (YAF) processes packet data into bidirectional flow records that can be used as input to an IPFIX Collecting Process. YAF's output can be used with super_mediator, Pipeline 5, and the SiLK tools.

    These tools follow the Unix standard of piping output through multiple, single-purpose tools to get what you need. In fact, it is practically mandatory.

    I was able to get it installed in fits and starts, but found the howto on their website after the fact: https://tools.netsa.cert.org/conflue...ageId=23298051

    I thought I'd post it here for anyone else who needs to look at flow data. It's great for doing quick network forensics and anomaly detection.

    Thanks!
    AP

  2. #2
    Junior Member
    Join Date
    Dec 2016
    Posts
    1
    Silly question about these ... By anomaly detection ... Would I be able to get info as to why virtually every day my wifi cuts off between 6Pm and 8pm and sometimes midnight? I've been trying to get all the data on this issue for some time . Any suggestions much appreciated

  3. #3
    Junior Member
    Join Date
    Apr 2017
    Posts
    1

    Suggestions for Neuromancer

    Quote Originally Posted by Neuromancer View Post
    Silly question about these ... By anomaly detection ... Would I be able to get info as to why virtually every day my wifi cuts off between 6Pm and 8pm and sometimes midnight? I've been trying to get all the data on this issue for some time . Any suggestions much appreciated
    Neuromancer:
    I'm fairly certain that this software would give much more data of the wrong type for resolving your issues. Based on the assumption that your wifi, or internet connection which your wifi connects to, is provided as a paid service from the phone, cable or satillite company:
    Most of the residents in your area subscribe to either of these services and like many others choose to enjoy streaming video during dinner or perhaps are researching for their homework. In this case your best course of action is to call your internet service provider and request dedicated line access.
    Does anyone else reside with you? Perhaps they are doing one of the above...
    Finally, check your router security settings & logs to verify that only your devices are authorized to connect and are connecting. If you are feeling adventurous change your wifi password.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •