Weekly Report 27/07/2015

The application can now sort by device MAC, direction, ports and time (monthly, daily and hourly). It displays the usage, protocols and usage timeline. The next step will be to create visuals that give an overview of all the devices' impact on the network, and to give the user the option to change from graphs to tables in order to get more detailed statistics.

I am looking at changing my collector (yet again) back to NetFlow, since I can see in my application that the amount of data uploaded is about 4 times that of downloaded data. This is because of sFlow sampling 1 in every 1024 packets on each interface, i.e. 1 uplink interface vs 24 local interfaces. NetFlow version 9 isn't possible given the hardware available, so I looked into software which could export NetFlow version 9 for me, and mirror the desired interfaces to the software. I found a program called softflowd which does this, but for some reason the MAC addresses are always zero. I have tested it on multiple machines with different collectors. I have contacted the creator of softflowd to see why the captured MAC addresses are always zero, and if it wouldn't be too much work for me to enable it to do so. Other than softflowd, there are no open-source probes which can export NetFlow version 9.

If this can't be done, I'll switch to using IP addresses to identify the local devices. While this won't be as useful due to dynamic IPs, it will make the application a lot more flexible.