IPFlow

From IPFlow Netflow Collector

(Redirected from Main Page)
Table of contents

Introduction

IPFlow is a Netflow collector developed by UTC (University of Technology of Compiegne, France) (http://www.utc.fr). The author is Christophe Fillot (mailto:cf@utc.fr).

It is provided without any warranty, with the hope it will be useful. This is not a commercial product, essentially developed during free time. It can be used for Netflow-IPv6 accounting, since it supports Netflow v9 and has IPv6 capabilities. If you are interested by this tool, you can send feature requests, ideas, bug reports, ... to the author. Any feedback will be appreciated :)

IMPORTANT: due to a recent server crash, the site has been transfered to another server. The download section will be available again very soon.
Update: All releases are available again, excepted for the Alpha platform.


Supported Operating Systems

IPFlow has been successfully compiled on the following platforms:

  • Linux (i386 and Alpha processors)
  • FreeBSD, OpenBSD (i386)
  • Solaris 9 (Sparc), Solaris 10 (i386)
  • Tru64 Unix (Alpha)


IPFlow may be able to compile on other architectures or OS (for example, NetBSD or MacOS X). Ask us if you are interested by a specific port.

IPFlow is written in C and is mainly developed/tested on a Linux/i386 platform (Debian).


Features

The main features of the IPFlow collector are:

  • Decoding of Netflow v1, v5, v7, v8 and v9 packets ;
  • Support of Netflow-IPv6 and Netflow-MPLS ;
  • Support of SCTP as export protocol (requires a special version);
  • Custom logging into binary and text files ;
  • Flow filtering with Access-Control Lists (ACL) ;
  • Site classification ;
  • RRDTool databases feeding ;
  • Aggregation of flows (custom fields);
  • Re-exporting Netflow datagrams ;
  • ...


IPFlow has post-treatment tools to manipulate binary output files:

  • "grep": performs a multi-criteria search (addresses, ports, etc.) ;
  • "top": computes top talkers (addresses, ports, ...) ;
  • "sdraw": fills RRDTool database ;
  • "concat": concatenates files ;
  • ...


IPFlow has also a "Netflow Simulator" that allows to generate Netflow packets from datagrams received on a Linux/Unix box (using PCAP). It is able to analyze IPv4 and IPv6 packets, on various layer-2 encapsulations, like raw Ethernet, 802.1Q ("QinQ" tunneling supported), Cisco ISL and MPLS frames.


There is also a list of planned features.


Download and Installation

IPFlow is very easy to install, since it consists in only one binary file. All required librairies are built-in, so no extra installation is required.

The current version is 0.49.8.8 (19-Sep-05).

  • Linux i386 binary (glibc 2.3)
  • Linux Alpha binary (glibc 2.3)
  • Solaris Sparc binary (Solaris 9)
  • Solaris i386 binary (Solaris 10)
  • Tru64 Alpha binary (Tru64 Unix 5.1B)
  • FreeBSD i386 binary (FreeBSD 5.4)
  • OpenBSD i386 binary (OpenBSD 3.7)


You can also consult the Release Notes and the Frequently Asked Questions (FAQ).


Documentation

You can download the documentation, provided in PDF format. This documentation also exists in french language.

The Configuration Examples section also provides information about particular features and their use.


Other projects