# replay a stored capture to a local collector, then run the collector on that port
nfreplay -r capture.pcap -p 2055 -H 127.0.0.1
nfcapd -p 2055 -l /tmp -D -v 3

# nfdump query: flows with only outgoing packets
nfdump -R /data/nfcapd 'host 10.0.0.5 and packets eq 1 and bytes lt 100'
NetFlow (originally developed by Cisco, but now an industry standard) is essentially the metadata of your network. It doesn't record the actual video of the movie (the payload of the packet); it records the script, the actors, the time, and the duration.

This one is for the engineers who love building their own engines. It uses the Elastic Stack (ELK) to ingest NetFlow data and creates stunning dashboards (think Kibana visualizations) that let you slice and dice the data however you want. It requires more setup, but the flexibility is unmatched.
Because while encryption (HTTPS/TLS) hides the content of the traffic from prying eyes, it cannot hide the existence of the traffic. You can encrypt a bomb threat, but you can't hide the fact that a laptop in Accounting is talking to a known malicious IP in a country you don't do business with.
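The nfdump filter above and the point about metadata surviving encryption come together in the following added example, which is not part of the original page or of the nfdump project. It applies the same "one packet, under 100 bytes" filter, a watch-list match and a simple repeated-contact check to a handful of constructed flow records laid out the way nfdump's CSV output (`-o csv`) roughly looks; the column names, the watch-list network and the host being triaged are all assumptions made for the example.

```python
"""Flow-record triage over constructed NetFlow-style records (added example)."""
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample records (not real traffic). Columns are an assumed,
# simplified layout: timestamp, src, dst, proto, dport, packets, bytes.
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,packets,bytes
2024-01-01T10:00:00,10.0.0.5,203.0.113.9,TCP,443,1,60
2024-01-01T10:05:00,10.0.0.5,203.0.113.9,TCP,443,1,60
2024-01-01T10:10:00,10.0.0.5,203.0.113.9,TCP,443,1,60
2024-01-01T10:02:00,10.0.0.7,192.0.2.10,TCP,443,120,88000
2024-01-01T10:03:00,10.0.0.5,198.51.100.4,UDP,53,1,72
"""

# Assumed watch list (documentation range); in practice this would be fed
# from threat intelligence. INTERNAL marks the address space we own.
WATCHLIST = [ip_network("203.0.113.0/24")]
INTERNAL = ip_network("10.0.0.0/8")


def parse_flows(text):
    """Parse CSV flow records into dicts with numeric packet/byte counts."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["packets"] = int(row["packets"])
        row["bytes"] = int(row["bytes"])
        flows.append(row)
    return flows


def single_packet_flows(flows, host, max_bytes=100):
    """Same selection as the nfdump filter
    'host X and packets eq 1 and bytes lt 100': flows touching the host that
    carried a single small packet, i.e. attempts that never got an answer."""
    return [
        f for f in flows
        if host in (f["src"], f["dst"])
        and f["packets"] == 1
        and f["bytes"] < max_bytes
    ]


def watchlist_hits(flows):
    """Flows from our address space to any watch-listed network. Payload
    encryption does not matter here; only the addresses are inspected."""
    hits = []
    for f in flows:
        src, dst = ip_address(f["src"]), ip_address(f["dst"])
        if src in INTERNAL and any(dst in net for net in WATCHLIST):
            hits.append(f)
    return hits


def repeated_contacts(flows, min_count=3):
    """Group by (src, dst, dport) and keep pairs that recur at least
    min_count times with identical byte counts: the kind of regular,
    same-sized contact that flow metadata exposes regardless of TLS."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f["src"], f["dst"], f["dport"])].append(f["bytes"])
    return {
        key: len(sizes)
        for key, sizes in groups.items()
        if len(sizes) >= min_count and len(set(sizes)) == 1
    }


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("single-packet flows for 10.0.0.5:", len(single_packet_flows(flows, "10.0.0.5")))
    print("watch-list hits:", len(watchlist_hits(flows)))
    print("repeated contacts:", repeated_contacts(flows))
```

Each function returns the matching records rather than printing them, so the same logic can be pointed at a real `nfdump -o csv` export once the column names are adjusted to the actual output.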