FlowScan 1.006 review

by rbytes.net on

License: GPL (GNU General Public License)
File size: 146K
Developer: Dave Plonka
0 stars award from rbytes.net

FlowScan is a network analysis and reporting tool.

What's New in This Release:
The CampusIO and SubNetIO reports were enhanced with a new optional configuration directive: TopN. When defined, this directive causes "Top Talker" reports to be produced. These HTML reports contain the most active (i.e. "top") source and destination addresses.
The CampusIO and SubNetIO reports were enhanced to record the number of local IP addresses that were active for each network and subnet into the RRD files. This enables users to estimate the number of active hosts over time, detect "scans" which systematically sweep across network address space, and calculate the average bytes, packets, and flows per host.
The template Makefile used to produce the graphs was enhanced to allow the inclusion of "events" in the graphs, similar to what can be done with Cricket. This allows you to label events such as configuration changes and outages to discover correlations with traffic measurement.
Two new utilities suitable for stand-alone use are included. ip2hostname converts IP addresses to their respective hostnames. event2vrule adds "events" to rrdtool graphs.
Added support for LFAP (Lightweight Flow Accounting Protocol) used by Riverstone and Enterasys (formerly Cabletron) routers. This currently requires slate (from http://www.nmops.org) and lfapd by Steven Premeau. lfapd produces time-stamped raw flow files in the same cflowd-defined format that is processed by FlowScan.
Added the ability for the CampusIO report to identify outbound flows based solely on the flow's destination IP address. While this is less trustworthy than using NextHops or OutputIfIndexes, it is now the default and will be useful for environments where the flow nexthop or output ifIndex values are not meaningful.
The CampusIO report contains a new experimental feature which reads a BGP routing table and can therefore determine which Autonomous Systems source, transit, or sink most of your institution's traffic. The CampusIO report was enhanced with new optional configuration directives: BGPDumpFile, TopN, ReportPrefixFormat. When properly defined, these directives cause CampusIO to create tabular HTML reports named {origin|path}_{in|out}.html under OutputDir after analyzing each raw flow file. These reports show the "top" Autonomous Systems with which your site exchanges traffic.
A WebProxyIfIndex directive was added to the CampusIO report. This allows one to specify the index of the interface to which HTTP traffic is being transparently redirected. This enables FlowScan to properly count HTTP flows even though NetFlow v5 does not accurately report the nexthop value for flows which are transparently redirected via a Cisco route-map.
CampusIO now contains a fix for a bug introduced in FlowScan-1.005 which would sometimes cause perl to abort with this message: patricia.c:645: patricia_lookup: Assertion `prefix' failed.
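
The release note above on recording active local IP addresses says the count can be used to estimate active hosts, spot address-space sweeps, and compute per-host averages. The following Python sketch is an added example, not FlowScan's own code (FlowScan is written in Perl and stores these values in RRD files); the flow tuples, the local subnet, and the growth and min_hosts thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("192.0.2.0/24")  # assumed local subnet (documentation range)

def sample_flows():
    """Constructed flows: (interval start, src, dst, bytes, packets)."""
    flows = []
    for start in (0, 300):  # three local hosts with ordinary traffic
        for host in (10, 11, 12):
            flows.append((start, f"192.0.2.{host}", "198.51.100.7", 40_000, 40))
    for host in range(1, 201):  # one outside source touches .1-.200 once each
        flows.append((300, "203.0.113.50", f"192.0.2.{host}", 60, 1))
    return flows

def summarize(flows, local_net=LOCAL_NET):
    """Per interval: distinct active local hosts and per-host averages."""
    hosts = defaultdict(set)
    totals = defaultdict(lambda: [0, 0, 0])  # bytes, packets, flows
    for start, src, dst, nbytes, npkts in flows:
        local = [a for a in (src, dst) if ip_address(a) in local_net]
        if not local:
            continue  # neither endpoint is local
        hosts[start].update(local)
        totals[start][0] += nbytes
        totals[start][1] += npkts
        totals[start][2] += 1
    summary = {}
    for start in sorted(hosts):
        n = len(hosts[start])
        nbytes, npkts, nflows = totals[start]
        summary[start] = {"active_hosts": n, "bytes_per_host": nbytes / n,
                          "packets_per_host": npkts / n, "flows_per_host": nflows / n}
    return summary

def sweep_intervals(summary, growth=5.0, min_hosts=50):
    """Flag intervals whose active-host count jumps while bytes per host fall.
    growth and min_hosts are illustrative thresholds, not FlowScan settings."""
    flagged, prev = [], None
    for start, row in summary.items():
        if (prev and row["active_hosts"] >= min_hosts
                and row["active_hosts"] >= growth * prev["active_hosts"]
                and row["bytes_per_host"] < prev["bytes_per_host"]):
            flagged.append(start)
        prev = row
    return flagged

if __name__ == "__main__":
    result = summarize(sample_flows())
    for start, row in result.items():
        print(start, row)
    print("possible sweep in intervals:", sweep_intervals(result))
```

A sweep shows up as many local addresses becoming "active" at once with very little traffic each, which is why the check compares both the host count and the bytes per host against the previous interval.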