Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yes, You Too Can Be an Evil Network Overlord With OpenBSD

Posted by Unknown on from the using-pflow-for-fun-and-profit dept.

badger.foo writes "Have you ever wanted to know what's really going on in your network? Some free tools with surprising origins can help you to an almost frightening degree. Peter Hansteen shares some monitoring insights, anecdotes and practical advice in his latest column on how to really know your network. All of it with free software, of course." From the article: " The NetFlow protocol was invented at Cisco in the early 1990s. It's designed to collect traffic metadata, where the basic unit of reference is the flow, defined as the source and destination IP address pair, the matching source and destination port for protocols that use them, the protocol identifier, time started and ended, number of packets sent, number of bytes sent, and a few other fields that have varied somewhat over the NetFlow versions. ... On OpenBSD, various netflow sensors and collectors had been available for a while when the new network pseudo device pflow debuted in OpenBSD 4.5."

8 of 49 comments (clear)

  1. All thanks to OpenBSD, eh? by Kichigai+Mentat · · Score: 5, Informative

    This isn't news. This isn't news at all! And it isn't even remotely shocking. TCP/IP tells you where a packet came from and where it wants to go, so that information is pretty easy to sniff, and originally Ethernet was just one big coax cable and everyone just shouted into, hoping the other machine would hear them, so it's no shock that something like this could sit on the network and collect all this data. There's nothing inherent about OpenBSD that makes this special.

    --
    Rawr
  2. Re:Really? by Anonymous Coward · · Score: 3, Insightful

    Still not nearly as useless as SlashBI, though!

  3. Metadata = Spying! by mythosaz · · Score: 3, Funny

    It's designed to collect traffic metadata, where the basic unit of reference is the flow, defined as the source and destination IP address pair, the matching source and destination port for protocols that use them, the protocol identifier, time started and ended, number of packets sent, number of bytes sent, and a few other fields that have varied somewhat over the NetFlow versions.

    Alert the authorities. The three-letter folks want to get some of this metadata!

  4. Good by eneville · · Score: 2

    Despite the other comments in this thread I'm going to stick my neck out and say "Excellent". OpenBSD pf/carp was an excellent piece of work, it's great to see the obvious being implemented in a nice way that makes sense. Why all the hate?

    --
    Why UNIX?
  5. but... I'm already a network overlord... by David_Hart · · Score: 2

    Does this mean that I need BSD to become Evil.....?

  6. Re:but... I'm already a network overlord... by genner · · Score: 4, Funny

    Does this mean that I need BSD to become Evil.....?

    No but it helps.

  7. Re:huh? by wonkey_monkey · · Score: 2

    Wouldn't just about everyone who comes here know what netflow is?

    Not that I disagree that this isn't particularly newsworthy, but why would you assume most people who come here would know what netflow is?

    There was no entrance exam when I registered...

    --
    systemd is Roko's Basilisk.
  8. Nobody is saying that this is "news" by plasticsquirrel · · Score: 3, Insightful

    This is an article helping people understand more about tools that ship in OpenBSD, and how they can be used in neat ways. Maybe you don't find anything informative or interesting, but I did and many others may too. Computing is a broad field, and not everyone has exposure to these networking tools. This is the sort of thing that should be on Slashdot, rather than "Why aren't there more female computer science majors so we can drive down wages?" type of "news items."

    --
    Systemd: the PulseAudio of init systems