Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Networking BSD

Yes, You Too Can Be an Evil Network Overlord With OpenBSD 49

Posted by Unknown Lamer from the using-pflow-for-fun-and-profit dept.
badger.foo writes "Have you ever wanted to know what's really going on in your network? Some free tools with surprising origins can help you to an almost frightening degree. Peter Hansteen shares some monitoring insights, anecdotes and practical advice in his latest column on how to really know your network. All of it with free software, of course." From the article: " The NetFlow protocol was invented at Cisco in the early 1990s. It's designed to collect traffic metadata, where the basic unit of reference is the flow, defined as the source and destination IP address pair, the matching source and destination port for protocols that use them, the protocol identifier, time started and ended, number of packets sent, number of bytes sent, and a few other fields that have varied somewhat over the NetFlow versions. ... On OpenBSD, various netflow sensors and collectors had been available for a while when the new network pseudo device pflow debuted in OpenBSD 4.5."
This discussion has been archived. No new comments can be posted.

Yes, You Too Can Be an Evil Network Overlord With OpenBSD More

Yes, You Too Can Be an Evil Network Overlord With OpenBSD

Comments Filter:
  • Is this news? It is certainly nerdy.

    • Re: (Score:1)

      by Anonymous Coward

      Post it on soylentnews and see what we/us think...

  • Why is this post full of fake characters?

  • All thanks to OpenBSD, eh? (Score:5, Informative)

    by Kichigai Mentat ( 588759 ) on Thursday February 27, 2014 @04:14PM (#46362163) Journal
    This isn't news. This isn't news at all! And it isn't even remotely shocking. TCP/IP tells you where a packet came from and where it wants to go, so that information is pretty easy to sniff, and originally Ethernet was just one big coax cable and everyone just shouted into, hoping the other machine would hear them, so it's no shock that something like this could sit on the network and collect all this data. There's nothing inherent about OpenBSD that makes this special.

    • Plus, OpenBSD 4.5 is about ... 5 years old, or something like that!

      • Re: (Score:1)

        by Anonymous Coward

        OpenBSD 4.5 is when support for the NetFlow protocol was introduced... as mentioned in the article sourced by this /. entry.

    • Yes, all you need is tcpdump, punchcards and butterflies.

      What do you use then to limit the bandwidth to/from certain sources, and monitor the bandwidth of certain types of traffic, e.g. on Linux? A port of this would be useful. In my usage scenario, a few hundred users share a upstream network, and the traffic from a few (youtube, streams) can dominate the others, making web pages slow for the others. A fair distribution would be nice, but when fewer users are online, the full bandwidth should be available.

      • I haven't a clue. Maybe there is, maybe there isn't. All I know is that there's nothing about BSD itself that makes this possible, so it seems reasonable to assume that such tools exist or can be created on other platforms.

        • Re: (Score:1)

          by Anonymous Coward

          It isn't that no other tool exists, it's that it's done well compared.

          Same with pf vs iptables.

          Get a pf configuration file, and an iptables configuration file. Show the two to someone who doesn't know much about routing. They will likely be able to tell what the pf file is doing, and be clueless about the iptables file.

    • Nobody is saying that this is "news" (Score:4, Insightful)

      by plasticsquirrel ( 637166 ) on Thursday February 27, 2014 @10:15PM (#46365009)
      This is an article helping people understand more about tools that ship in OpenBSD, and how they can be used in neat ways. Maybe you don't find anything informative or interesting, but I did and many others may too. Computing is a broad field, and not everyone has exposure to these networking tools. This is the sort of thing that should be on Slashdot, rather than "Why aren't there more female computer science majors so we can drive down wages?" type of "news items."

  • Metadata = Spying! (Score:4, Funny)

    by mythosaz ( 572040 ) on Thursday February 27, 2014 @04:32PM (#46362363)

    It's designed to collect traffic metadata, where the basic unit of reference is the flow, defined as the source and destination IP address pair, the matching source and destination port for protocols that use them, the protocol identifier, time started and ended, number of packets sent, number of bytes sent, and a few other fields that have varied somewhat over the NetFlow versions.

    Alert the authorities. The three-letter folks want to get some of this metadata!

  • Despite the other comments in this thread I'm going to stick my neck out and say "Excellent". OpenBSD pf/carp was an excellent piece of work, it's great to see the obvious being implemented in a nice way that makes sense. Why all the hate?
  • just wait until they discover ( re-discover ) SNMP and all the hooks in there. Reminds me of the time our local news discovered, with horror, IRC.

    • Re: (Score:2)

      by jon3k ( 691256 )
      Yeah I don't get it, NetFlow is news? We (and everyone else) has been using this in production environments for about 20 years.

  • huh? (Score:2)

    by epyT-R ( 613989 )

    Wouldn't just about everyone who comes here know what netflow is? Why openbsd? netflow is available everywhere now.

    • Wouldn't just about everyone who comes here know what netflow is?

      Not that I disagree that this isn't particularly newsworthy, but why would you assume most people who come here would know what netflow is?

      There was no entrance exam when I registered...

  • but... I'm already a network overlord... (Score:3)

    by David_Hart ( 1184661 ) on Thursday February 27, 2014 @05:33PM (#46363123)

    Does this mean that I need BSD to become Evil.....?

  • OpenBSD is for Evil Network Admins. OK, I can accept that. So what would Windows be for? Lawful Evil, I would assume. Same for OS X. Extending that, Linux might work for True Neutral, or maybe Chaotic Good. HURD is obviously Chaotic Neutral or Chaotic Evil.

  • welcome our new evil OpenBSD network overlords.

  • This is just a basic "How-to use Netflow on OpenBSD". Nothing more.

    IMHO, Netflow is interesting ONLY if you have no other way to gather info from hardware routers/switches. It's the only protocol likely to be supported.

    If, however, you can just mirror a port you're interested in (eg. the uplink), as you already would be doing with an IDS and similar, you don't need to bother with Netflow. Instead, you can get all the info you could want, with trivial ease, just by installing and running BandwidthD-2.x:

    • Re: (Score:2)

      by ruir ( 2709173 )
      I prefer to use netflow if the equipment supports it. Port mirroring is all fine and dandy with low volumes of traffic, however for higher volumes you dont have much of a choice. Netflow tracks the transactions for you, whilst with mirroring with will have to deal with fragmentation and maintaining tables of TCP flows. And with mirroring you will received much more data. Netflow used to be a CPU hog on the router side, nowadays the load is barely notable, and they will send off summaries of the flows/transa

Slashdot Top Deals

You will lose an important tape file.

Close