EHNT
Details
| Size: | 0K |
| Last Update: | 2008-06-01 22:45:40 |
| Version: | 0.4 |
| OS Support: | Linux |
| License/Program Type: | GPL (GNU General Public License) |
| Publisher: | Nik Weidenbacher |
| Price: | $0.00 |
Description:
EHNT 0.4 is networking software developed by Nik Weidenbacher.
EHNT is a tool which turns streams of Netflow (version 5) data into something useful and human-readable. (Netflow is a UDP-based traffic reporting protocol created by Cisco, generated by Cisco, Juniper, Foundry, and other routers.)
EHNT operates in many ways. It will dump flow records in human-readable form. It will also provide reports on top ASes, IP protocols, and TCP/UDP ports. The reports can be generated over various intervals, from 1 minute to 1 day.
Component programs are:
1. 'ehntserv' listens to netflow version 5 UDP packets, and also listens for client TCP connections. When a TCP client connects, the server starts forwarding all the netflow packets it receives (plus the IP address of the originating device) to that client.
ehntserv does not currently do any IP access control. I suggest that you use ipchains or iptables on your Linux box, or IP Filter (ipf) (http://coombs.anu.edu.au/ipfilter/) on your Solaris or BSD box. I don't know what the current state of packet filtering is on other Unixes; IP Filter seems to support several.
2. 'ehnt' connects to ehntserv and displays the flows it receives in various ways. It currently has four modes (-m ):
- top mode displays average utilization by top ASes, IP protocols, or TCP/UDP ports over a given interval (from 1 minute to 1 day).
Top mode is different when it focuses on a single interface on a single router, because then you get to see summaries of source and destination for both inbound and outbound traffic. Otherwise, you just get summaries of source and destination.
- dump mode displays individual flows
- shortdump mode displays individual flows in a more compact but hard to read fashion
- colondump mode displays individual flows in a machine-readable format.
And yes, I recognize that the name of this mode is unpleasant.
In all three modes, simple (REALLY simple) filtering can be done for AS number, TCP/UDP port, IP protocol number, device sending the flow record, and SNMP interface index.
You may think of ehnt in the three dump modes as a brain-dead and incredibly simple tcpdump for netflow.
ehnt also has the silly and uninspiredly-named 'big' filter, in which it only displays flows which are bigger (in packets or bytes) than any flow received before it. This only makes sense in the three dump modes.
What's New in This Release:
Added Unix domain support for client connections, enabled by default
EHNT 0.4 supports different languages (including English). It works with Linux.
EHNT Version History
| Product | Date Added |
| EHNT 0.4 | 2008-06-01 22:45:40 |