Extreme Happy Netflow Tool

Hosted at SourceForge | Project Page | Screens | Download |

Welcome to EHNT, the Extreme Happy Netflow Tool

The purpose of this EHNT (pronounced 'ent') is to get some useful information from netflow (version 5 only) without too much trouble. The typical EHNT user is a network administrator operating routers capable of exporting netflow packets.

Netflow operates in several modes. It will dump flow records in human-readable form. It will also provide reports on top ASes, IP protocols, and tcp/udp ports. The reports can be generated over various intervals, from 1 minute to 1 day.

Netflow links:

a paper from Cisco
cflowd is the best-know netflow server, from CAIDA. This site also has an excellent FAQ section which may be of help if you are having trouble with EHNT (particularly the AS 0 stuff).

Download(s)

Version 0.4 of EHNT is now available for download. Go to the project page to get it.

Screenshot(s)

Here is EHNT running in "top" mode. This is a 6-hour report for a single port. It shows average utilizations of the top ASes. ( Some AS names/numbers have been removed to protect the evil.)

Here is EHNT's command-line help, followed by a dump in which only the first flow using port 443 was requested. (Some AS names/numbers have been removed to protect the stupid.)