What free tools or techniques exist to discover anomalies in network flows?

Question

I have been using FlowMatrix. What do others do on the cheap?

I was thinking more of tools to analyze netflow traffic, I guess saying "network flows" made the question ambiguous. — Tate Hansen, Nov 14 '10 at 18:05

score 6 · Answer 1 · answered Nov 12 '10 at 02:11

6

WireShark is a free tool you can use to monitor network traffic. Excellent tool to see if a hidden keylogger is trying to email and /or FTP logs because it usually has the address and password in the wireshark log.

answered Nov 12 '10 at 02:11

Jeremy

291
2
4

Given that the logs are not encrypted. – Olivier Lalonde Nov 12 '10 at 22:09

score 4 · Answer 2 · answered Jan 30 '11 at 23:16

4

I just saw a talk at Shmoocon about the YaF and SiLK tools that looked really good. YaF is a flow collector (which can collect other interesting data as well), and SiLK is an analysis package for them. There's even a nice GUI called iSiLK.

answered Jan 30 '11 at 23:16

Bill Weiss

777
3
15

score 3 · Accepted Answer · answered Nov 14 '10 at 11:31

3

OSSIM has an Anomalies tab that uses Ntop and can be configured with similar data.

When I did this stuff in the past, I used Ourmon.

answered Nov 14 '10 at 11:31

atdre

18,885
6
58
107

What free tools or techniques exist to discover anomalies in network flows?

3 Answers3

Linked