Jan 2 / Mike

NetflowDB VM released!!

[Screenshot: NetflowDB]

Here is the latest version of NetflowDB in shiny 32-bit VM form!!

We had a few teething issues creating a proper installer, so we decided to roll it into a VM in the meantime.

It is built on Ubuntu Server 32-bit and requires 1 GB of RAM and 40 GB of free disk space (this can be reduced if you like by resizing the vmdk).

We have tested it on VMware Fusion and VirtualBox and it seems to run fine.

The product is still in beta, so I wouldn't recommend relying on it too heavily until you have had a play with it. That being said, it's working pretty nicely!!

There are lots more features we are working on so check here for updates!!

MD5: 86b4985ad7ba93e56a7f5e1430c8e8b6

Download Link: BROKE!!

Usage:

Run the VM and point a NetFlow exporter at UDP port 9999 on the box!!

Alternatively, you can let the VM listen in promiscuous mode on interface 1 and connect it to a SPAN port on your router (it has a NetFlow exporter built in too!).

Then hit it up with your favourite browser (as long as it's as good as Google Chrome!!), wait 5 minutes (to allow it to netflow all the things) and then click the refresh buttons at the top right of the page!! (The blacklist one takes around 2 minutes to update and only needs doing every few hours or so.)

You will now be able to play with your NetFlow data!! oooooooo!!!!

A video will be uploaded soon which explains how to get the data into Maltego for even more network forensics fun!!

This will probably help too:

u: netflowdb

p: netflowdb

Change them!!

If you wish to use the WHOIS lookup, Tor list and blacklist update features, you will need to allow it access to the interwebs. Also, I urge you to try and break it!! There are a few bugs which we know about, but as far as we can see, there is nothing which presents a security risk.

We also recommend that you configure SSL. The libraries are all there; however, we didn't create certs for the release version, as we are firm believers in doing that sort of stuff yourself. If you get stuck, comment below and we will help.

NOTE: It takes around 6 minutes for the NetFlow data to start to propagate. If after this time you still do not have any data, delete the contents of /var/www/netflowdb/tmp/ (not sure what went wrong, but we're working on a fix).
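If you want to check the collector is ingesting before the 6 minutes are up, or to tell a dead pipeline from a quiet network, here is an added smoke-test exporter (not NetflowDB's own code): it packs one constructed NetFlow v5 flow, sends it to UDP 9999 as described in the usage section, and can decode the same datagram so you can verify what the VM receives on the wire. The collector address is a placeholder you must replace with the VM's IP; NetFlow v5 is an assumption, as the post does not state which version the VM accepts.

```python
import socket
import struct
import time

# Added smoke-test exporter (not NetflowDB's code). Port 9999 is from the post;
# COLLECTOR's address is a placeholder you must replace with the VM's IP.
COLLECTOR = ("192.0.2.10", 9999)
V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 record

def build_v5_packet(flows, flow_seq=0, uptime_ms=1000, now=None):
    """Pack up to 30 flow dicts (src, dst, sport, dport, proto, packets, bytes) into one datagram."""
    if not 0 < len(flows) <= 30:
        raise ValueError("NetFlow v5 carries 1..30 records per datagram")
    now = int(time.time()) if now is None else now
    header = V5_HEADER.pack(5, len(flows), uptime_ms, now, 0, flow_seq, 0, 0, 0)
    records = b"".join(
        V5_RECORD.pack(
            socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]), b"\0\0\0\0", 0, 0,
            f["packets"], f["bytes"], uptime_ms - 500, uptime_ms,  # dPkts, dOctets, First, Last
            f["sport"], f["dport"], 0, f.get("tcp_flags", 0), f["proto"], 0, 0, 0, 0, 0, 0)
        for f in flows)
    return header + records

def parse_v5_packet(data):
    """Decode a v5 datagram into (header, records); rejects truncated or non-v5 input."""
    if len(data) < V5_HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count, _, secs, _, seq, _, _, _ = V5_HEADER.unpack_from(data)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(data) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError(f"length {len(data)} does not match count={count}")
    records = []
    for i in range(count):
        r = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        records.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                        "packets": r[5], "bytes": r[6], "sport": r[9], "dport": r[10], "proto": r[13]})
    return {"version": version, "count": count, "flow_seq": seq, "unix_secs": secs}, records

def send_test_flow(collector=COLLECTOR):
    """Send one constructed HTTPS-looking flow; it should appear in the UI after a refresh."""
    pkt = build_v5_packet([{"src": "10.0.0.5", "dst": "203.0.113.7", "sport": 51234,
                            "dport": 443, "proto": 6, "packets": 12, "bytes": 8192}])
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(pkt, collector)
    return len(pkt)

if __name__ == "__main__":
    print(f"sent {send_test_flow()} bytes to {COLLECTOR}")
```

If the flow never shows up, capture on the VM with tcpdump on UDP 9999 to separate a delivery problem from the propagation delay the note above describes.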


– Mike

One Comment

  1. Matt Bullimore / Aug 29 2015

    Hey Mike

    I was at SANS London in 2013 when Steve spoke about netflow DB in one of the evening talks. It sounded amazing to detect data exfiltration. Is it possible to get a copy of the VM? I'm having trouble installing it from GitHub. I think I need much more basic install instructions!

    Cheers

    Matt.
