To get more out of the netflow data collected by Nfdump, and to meet the specific needs of our customers, we have added some new and useful functionalities that make Nfdump even more useful for your network traffic analysis.
First of all, Nfdump is a collection of tools to collect and process netflow data on the command line. The netflows are typically gathered from network routers or from our nBoxes and stored on disk in 5-minute files.
The standard Nfdump version shows you the average transfer rate of a netflow. But what if you are interested in the minimum and maximum transfer rate? You would have to analyze every single flow from a specific port to another. So the first functionality we introduced is the output of the minimum and maximum bit/s in the standard command line output of Nfdump (see the columns min_bps and max_bps).
Here is an example command and its output:
Sometimes it is very useful to analyze which traffic is going out of your network, which is coming in, and which is internal traffic. You may need to know how much traffic this is and how fast it is. For this purpose we introduced the new parameter -C, which lets you specify which networks are your own. In this way, Nfdump is able to categorize your traffic and tell you which flows are going out of or coming into your network. Additionally, with the parameter -d you can specify which traffic should be displayed: for example, with -d out only the outgoing traffic is displayed (-d in shows only the incoming traffic).
Here is an example output where only outgoing traffic is displayed:
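As an added illustration of the two features above (the min/max bit/s columns and the -C / -d categorization), here is a small Python script that applies the same logic to constructed flow records. It is not code from Nfdump or from the nBox; the record layout, the CIDR list and the "transit" category for flows touching none of your networks are assumptions of this example.

```python
import ipaddress

# Constructed sample flows (not real nfdump output):
# (src_ip, dst_ip, dst_port, bytes, duration_seconds)
FLOWS = [
    ("10.0.0.5", "93.184.216.34", 443, 1_200_000, 10.0),   # out
    ("93.184.216.34", "10.0.0.5", 51000, 300_000, 10.0),   # in
    ("10.0.0.5", "10.0.1.9", 445, 50_000, 1.0),            # internal
    ("10.0.0.7", "93.184.216.34", 443, 400_000, 2.0),      # out
    ("198.51.100.8", "203.0.113.4", 80, 1_000, 1.0),       # neither side is ours
]


def classify(src, dst, own_nets):
    """Direction of a flow relative to the operator's own networks (the -C idea)."""
    s = any(ipaddress.ip_address(src) in n for n in own_nets)
    d = any(ipaddress.ip_address(dst) in n for n in own_nets)
    if s and d:
        return "internal"
    if s:
        return "out"
    if d:
        return "in"
    return "transit"  # assumed category, so that no flow is silently dropped

def bits_per_second(nbytes, duration):
    # A zero-duration flow (single packet) has no meaningful rate; report 0.
    return nbytes * 8 / duration if duration > 0 else 0.0

def summarize(flows, own_cidrs, direction=None):
    """Aggregate per (direction, dst_port): flow count, bytes, min/max/avg bps."""
    own = [ipaddress.ip_network(c) for c in own_cidrs]
    stats = {}
    for src, dst, dport, nbytes, duration in flows:
        dirn = classify(src, dst, own)
        if direction is not None and dirn != direction:
            continue  # equivalent of the -d filter
        rate = bits_per_second(nbytes, duration)
        st = stats.setdefault((dirn, dport), {"flows": 0, "bytes": 0, "min_bps": rate, "max_bps": rate, "_sum": 0.0})
        st["flows"] += 1
        st["bytes"] += nbytes
        st["min_bps"] = min(st["min_bps"], rate)
        st["max_bps"] = max(st["max_bps"], rate)
        st["_sum"] += rate
    for st in stats.values():
        st["avg_bps"] = st.pop("_sum") / st["flows"]
    return stats

if __name__ == "__main__":
    print(summarize(FLOWS, ["10.0.0.0/16"], direction="out"))
```

With the sample data and 10.0.0.0/16 as the own network, the outgoing view contains only destination port 443 with two flows, min_bps 960000 and max_bps 1600000, which is exactly the spread the average alone would hide.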
The last feature we added is another new parameter, -P, which lets you specify a time range instead of the path to the Nfdump files. In this case Nfdump automatically chooses the right Nfdump files to satisfy requests in that time range.
Here is a sample output where we have specified the time period of 24.08.2015 from 08:00 to 09:00: