|   HOME   |   RESEARCH   |   DATA   |   TOOLS   |   PUBLICATIONS   |   WORKSHOPS   |   PROJECTS   |   FUNDING   |
CAIDA Home
 measurement | taxonomy | utilities | visualization  
 www.caida.org > tools : measurement : : cflowd
    visit     contact     search:
CAIDA: Cooperative Association for Internet Data Analysis
cflowd: Traffic Flow Analysis Tool | .status..plans..comments. |

-----summary of contents-----
cflowd is a flow analysis tool currently used for analyzing Cisco's NetFlow enabled switching method. The current release (described below) includes the collections, storage, and basic analysis modules for cflowd and for arts++ libraries. This analysis package permits data collection and analysis by ISPs and network engineers in support of capacity planning, trends analysis, and characterization of workloads in a network service provider environment. Other areas where cflowd may prove useful include usage tracking for Web hosting, accounting and billing, network planning and analysis, network monitoring, developing user profiles, data warehousing and mining, as well as security-related investigations.

cflowd is no longer supported by CAIDA. Instead, please consider the use of flow-tools, which will provide a toolset for working with NetFlow data. flow-tools can also be used (like cflowd) in conjunction with FlowScan, maintained by Dave Plonka at the University of Wisconsin, Madison.


-----end summary of contents-----

cflowd:

Changes from 1.3b2 to 2.0

  • cflowd has been completely redesigned and reimplemented for the 2.0 release.
  • Added support for v1 flow-export.
  • All tables are now per input interface.
  • New tabular data: port matrix, interface matrix, nexthop table. The old port table has been replaced by the more granular port matrix.
  • A new cflowdmux process which permits access to raw flow packets.
  • A fully functional central collector is now included (cfdcollect). This allows you to archive time-series tabular data from multiple instances of cflowd.
  • All counters are 64 bits.
  • New filtering code is significantly faster; flowdump benefits from the increased performance.
  • Local clients (cfdases, cfdnets, et. al.) will show the time interval for current data.
  • Local clients can show pkts/sec and bits/sec in addition to packet and byte counters.
  • Added manpages.
  • mmap() is gone for the tabular data; local clients connect to a UNIX domain socket to view current data. This removed a lot of code complexity.

Components

The cflowd system contains four major components:
  • cflowdmux
    This is the program that acts as the receiver of flow-export data from one or more Cisco routers. It writes raw packets into shared memory, and permits clients to have access to raw flow data. An example client (flowwatch) is included.
  • cflowd
    cflowd takes data from raw flows (collected by cflowdmux) and creates tabular summaries of traffic data (AS matrix, net matrix, port matrix, interface matrix, nexthop table and protocol table). It also acts as a server of tabular data to cfdcollect.
  • cfdcollect
    This is a central collector which collects data from instances of cflowd. It is used to archive the tabular data at regular intervals, producing time-series data for each of the tabular data types. The archived data may be processed with arts++.
  • utilities
    There are a handful of utilities included in the package which may be used to examine data on the host(s) where cflowd is running.

Requirements

cflowd requires the arts++ package. You should download and install arts++ before downloading and building cflowd. cflowd needs header files and libraries from the arts++ package, and the arts++ package contains the C++ library for handling the data stored by cfdcollect (as well as a handful of utilities for aggregating and viewing the data).

Downloads

  • arts++
    arts++ is required by cflowd.
  • cflowd
    The latest release (currently in alpha state).

Other Documents

Mail Lists

A mailing list has been set up for the discussion of cflowd, at cflowd@caida.org. To subscribe or unsubscribe, send mail to:

cflowd-request@caida.org


with one of the following in the in the body of the message:

  subscribe
  subscribe username@host.domain
  
  unsubscribe
  unsubscribe username@host.domain
List Archive
The cflowd mailing list is archived at http://www.caida.org/dynamic/archives/cflowd/
The archive is updated nightly.

Cooperative Association for Internet Data Analysis (CAIDA)
  Last Modified: Tues Aug-15-2006 12:21:34 PDT
  Maintained by: Daniel McRobb
  Page URL: http://www.caida.org/tools/measurement/cflowd/index.xml