NetFlow Collection and Analysis Using NFCAPD, Python, and Splunk

NetFlow Collection and Analysis Using NFCAPD, Python, and Splunk (PDF, 2.63MB)
Published: 10 Feb, 2015
Created by David Mashburn

NetFlow data is often collected for network monitoring and management, but it has many applications for the security analyst. NetFlow data can be used to identify deviations from established traffic baselines, traffic originating from critical systems, and communications with known bad external hosts. Many edge devices support the generation of NetFlow data, but collection and analysis often require commercial tools. Options based on open source and free tools allow an analyst to deploy a solution when commercial products are not available due to budgetary or other organizational constraints. Solutions based on this proposed architecture provide the required NetFlow collection resources and can feed a variety of systems that can be leveraged for analysis. The reference architecture described uses Ubuntu server, the nfdump suite of tools, custom Python scripts, and the free version of a commercial tool for analysis.
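The following is an added illustration of the glue layer the abstract describes (it is not code from the paper): a small Python routine that reads nfdump CSV output (as produced by `nfdump -o csv`), drops the non-flow summary rows nfdump appends, and rewrites each flow as a Splunk key=value event tagged for the three use cases named above (known bad hosts, traffic originating from critical systems, internal/external crossing). The sample CSV, the column names, the watchlist addresses and the internal network range are all constructed placeholders for this example.

```python
import csv
import io
import ipaddress

# Constructed sample of nfdump "-o csv" output (header, flow rows, summary);
# the column names are assumed to follow nfdump's csv header and are parsed by
# name so a different column order still works.
SAMPLE_NFDUMP_CSV = """\
ts,te,td,sa,da,sp,dp,pr,flg,fwd,stos,ipkt,ibyt
2015-02-10 09:15:01,2015-02-10 09:15:03,2.000,10.0.0.5,203.0.113.7,51514,443,TCP,.AP.SF,0,0,12,1540
2015-02-10 09:15:02,2015-02-10 09:15:02,0.000,10.0.0.9,198.51.100.20,33000,53,UDP,......,0,0,1,78
2015-02-10 09:15:04,2015-02-10 09:15:09,5.000,192.0.2.44,10.0.0.5,4444,22,TCP,.AP.S.,0,0,40,3200
Summary
"""

# Constructed watchlists: documentation-range addresses, not real indicators.
KNOWN_BAD_HOSTS = {"203.0.113.7", "192.0.2.44"}
CRITICAL_SYSTEMS = {"10.0.0.5"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range


def is_internal(addr):
    """True when the address falls inside one of the internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def flows_to_splunk_events(csv_text):
    """Convert nfdump CSV rows into one Splunk key="value" event per flow."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        sa, da = row.get("sa"), row.get("da")
        # nfdump appends summary lines that are not flow records; skip them.
        if not sa or not da or not row["ts"][:1].isdigit():
            continue
        tags = []
        if sa in KNOWN_BAD_HOSTS or da in KNOWN_BAD_HOSTS:
            tags.append("known_bad_host")
        if sa in CRITICAL_SYSTEMS:          # flow originates from a critical system
            tags.append("critical_source")
        if is_internal(sa) != is_internal(da):  # crosses the network edge
            tags.append("external")
        fields = {k: row[k] for k in ("ts", "sa", "da", "sp", "dp", "pr", "ipkt", "ibyt")}
        fields["tags"] = ",".join(tags) or "none"
        # Quote values: timestamps contain spaces, which would break kv extraction.
        events.append(" ".join(f'{k}="{v}"' for k, v in fields.items()))
    return events


if __name__ == "__main__":
    for event in flows_to_splunk_events(SAMPLE_NFDUMP_CSV):
        print(event)
```

Each printed line can be written to a file monitored by a Splunk forwarder, where the `tags` field becomes searchable (for example, to alert on `tags="*known_bad_host*"`).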

Meet the expert

David Mashburn

Certified Instructor

David Mashburn has over 20 years of experience in the information technology field. He is currently Chief Information Security Officer at Embry-Riddle Aeronautical University.