Tag Archives: netflow
Passive DNS collection and analysis using YaF and Mediator
Passive DNS is a useful tool for any analyst team's toolbox. I have noted several public sensors here, but they only see data (queries and responses) that traverse their sensors. I have been working on setting up passive DNS using …
Variance in rwfilter results from netflow v5 and YaF
Looking over some NetFlow data, I noticed some variance between the two sensors. Sensor s0 is v5 NetFlow data from a Cisco switch; s1 is from a network tap listening between a router-on-a-stick and said Cisco switch. …
Configure YAF on Linux for NetFlow collection from a network tap or SPAN
In a previous post, SiLK was set up on a Debian host using NetFlow v5 from a Cisco switch. This worked well, but I also have a network tap, and said Cisco switch is capable of capturing data via SPAN port(s). …
Configure SiLK on Linux for NetFlow collection from a Cisco router
This guide walks through configuring SiLK from a source install on a Debian 6 host in order to collect NetFlow data from a Cisco router. The guides here and here, written by CERT NetSA, are quite good but lack some …