Tag Archives: silk

Detecting Tor network traffic with YaF and Python

This entry continues a series of posts on identifying Tor network traffic and usage. The entry will demonstrate how to parse the output of YaF records via mediator using a Python script in order to determine if the SSL certificate …

Posted in network, security

Detecting Tor network traffic with SiLK

This entry continues a series of posts on identifying Tor network traffic and usage. This post does not argue the merits of allowing Tor to run on a network. Instead, the entry will demonstrate how to create a set …

Posted in network, security

Variance in rwfilter results from netflow v5 and YaF

Looking over some NetFlow data, I noticed some variance between the two sensors. Sensor s0 is NetFlow v5 data from a Cisco switch; s1 is from a network tap listening between a router-on-a-stick and that same Cisco switch. …

Posted in security

Configure YAF on Linux for NetFlow collection from a network tap or SPAN

In a previous post SiLK was set up on a Debian host using NetFlow v5 from a Cisco switch. This worked well, but I also have a network tap, and the same Cisco switch is capable of mirroring traffic via SPAN port(s). …

Posted in security

Configure SiLK on Linux for NetFlow collection from a Cisco router

This guide walks through configuring SiLK from a source install on a Debian 6 host in order to collect NetFlow data from a Cisco router. The guides here and here written by CERT NetSA are quite good but lack some …

Posted in security