ElastiFlow
picosnitch
Our great sponsors
ElastiFlow | picosnitch | |
---|---|---|
31 | 33 | |
2,311 | 572 | |
- | - | |
4.1 | 8.6 | |
over 2 years ago | 4 months ago | |
Shell | Python | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ElastiFlow
- NETFLOW .. NTOPNG how to ?
- Seaching for How To install Elastiflow
-
Into my 6th year of this ... hobby?
As a matter of fact, I played with the now deprecated Elastiflow, however I couldn't get my head around managing ELK, scrapped it pretty quickly, and Netflow did not reach the meaningful stage at that time. OpenNMS looks pretty massive that I can't run it at the moment. Thanks for suggestion though.
-
Threat detection
One thing I ran for a while was security onion and utilized port mirroring to mirror the uplink port from my primary switch to my LAN on my router, so I was catching anything coming into/out of my network destined for internet. I've also used ElastiFlow ( https://github.com/robcowart/elastiflow ) which is absolutely phenomenal and awesome, I did the same and it provides some great data. You could also leverage IntelOwl ( https://github.com/intelowlproject/IntelOwl ) , one thing I have added to all my VMs is a OSSEC agent, Wazuh to be specific which is free ( https://github.com/wazuh/wazuh ) and while I am not using it to its full potential such as monitoring file deletions/modifications etc it is a powerful tool.
- Linux Network Traffic Monitor
-
Monitoring all inter-VLAN traffic on 9410 switch?
I'd recommend taking a look at Elastiflow (link is to the legacy version, I haven't used the pay structured tier version that replaced it) as a flow collector. Do it in a docker container, dump netflow to it, and use a sample rate that doesn't fill your collector box with flow packets after a single day. Depends on your traffic rates. We use 1 out of 250 for our rate.
-
Netflow bit rate and Interface Bit Rate
https://github.com/robcowart/elastiflow/issues/201 https://github.com/robcowart/elastiflow/issues/52
- Network Traffic visualization
- ElastiFlow help
-
Installation help, almost there.
Where as the newer version is (https://github.com/robcowart/elastiflow/) is called:
picosnitch
-
Linux runtime security agent powered by eBPF
Yep, and from my experience too (made a tool that monitors network traffic with eBPF [1]) in addition to those issues there is also a sizable latency hit.
[1] https://github.com/elesiuta/picosnitch
-
Monitor bandwidth usage with bandwhich (and build a snap package of it)
Similar to bandwhich, I recently created a snap of my own bandwidth monitor, picosnitch [1]. However I was only able to get it working with classic confinement (so it can't be published on the store) due to there being no snap interfaces for fanotify or BPF kfuncs.
I already packaged it for nearly every distro, but unfortunately most don't have dash [2] in their repos so the user needs to install it separately, and I was hoping that snap would be an easier solution for that.
[1] https://github.com/elesiuta/picosnitch/blob/master/snap/snap...
[2] https://repology.org/project/python:dash/versions
-
What kind of applications are missing from the Linux ecosystem?
I created picosnitch which can do this
-
gnome-shell Runaway Bandwidth - More in Comments
If you're still having this issue, you can try picosnitch (I recently made it available in copr).
-
Help identifying which process is sending network requests
You can use picosnitch for this, I'm the developer and this is exactly the use case I had in mind when designing it (24/7 monitoring of traffic on a per executable basis, primarily in containerized environments).
-
Little Snitch Mini
I wrote picosnitch [1] which has the same notification and bandwidth monitoring features, however it doesn't block traffic for a couple reasons: avoiding scope creep so I can focus on more reliable detection and do things like hash every executable, which makes it harder to block traffic in a timely fashion.
https://github.com/elesiuta/picosnitch
-
System monitor that lists network usage for each process
I also wrote a program (picosnitch) which is newer than that list and has a bunch of features none of those other tools have, in case you're interested in checking it out!
-
linux security
which basically says launchpad builds the package directly from that repository, which states: This repository is an import of the Git repository at https://github.com/elesiuta/picosnitch.git.
-
Linux software list. Discussion and advice welcome!
picosnitch - monitors and hashes programs that connect to the internet, and can check them with VirusTotal.
-
What's your goto open source network & bandwidth monitors
For Linux, I created picosnitch which does exactly what you're looking for.
What are some alternatives?
ntopng - Web-based Traffic and Security Network Traffic Monitoring
opensnitch - OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
pfelk - pfSense/OPNsense + Elastic Stack
goflow2 - High performance sFlow/IPFIX/NetFlow Collector
LibreNMS - Community-based GPL-licensed network monitoring system
How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
Netdata - The open-source observability platform everyone needs
conntrack_exporter - Prometheus exporter for tracking network connections
loki - Like Prometheus, but for logs.
nsntrace - Perform network trace of a single process by using network namespaces.
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
portmaster - 🏔 Love Freedom - ❌ Block Mass Surveillance