Softflowd
Softflowd is a flow-based network traffic analyser capable of Cisco NetFlow™ data export. Softflowd semi-statefully tracks traffic flows recorded by listening on a network interface or by reading a packet capture file. These flows may be reported via NetFlow™ to a collecting host or summarised within softflowd itself.
NB. If you are using OpenBSD, you may be interested in my pfflowd software instead. pfflowd uses the PF packet filter's stateful connection tracking to monitor flows rather than implementing it in software.
Mailing list
The netflow-tools mailing list is available for softflowd discussion, support, development and release announcements.
News
Mon, 28 Mar 2011: Project moved to Google Code
softflowd has moved to Google Code. Release tarballs are available from there and should download quite a bit faster. Revision control now uses Mercurial, which supports local branches and modifications much better than CVS. Bug tracking remains at bugzilla for now, but it too might move in the future.
Moving to Google Code makes it much easier to add additional developers to the project. If you have contributed in the past to softflowd and are interested in becoming a developer, then please let me know.
Thu, 02 Nov 2006: softflowd-0.9.8 released
It has been over a year since the last release of softflowd, but I'm happy to announce that softflowd-0.9.8 has just been released. This release collects a number of small (but important) bugfixes that have accrued over the last year along with a couple of new features. See the release notes for details.
Fri, 14 Jan 2005: softflowd-0.9.7 released
softflowd-0.9.7 released. This release fixes some bugs and adds some options to facilitate export of flow records to multicast groups.
Mon, 10 Jan 2005: Mailing list created
I have just created a new mailing list for the discussion of softflowd and the other NetFlow tools developed here. Development and support of the tools are on-topic and I will send announcements of new releases there too.
Thu, 30 Sep 2004: softflowd-0.9.6 released
softflowd-0.9.6 has just been released. This version adds support for the NetFlow v.9 export format and tracking of IPv6 flows.
Details
Softflowd semi-statefully tracks traffic flows. Upon expiry of a flow, softflowd accumulates its statistics and reports them to a designated collector host using the standard NetFlow protocol. Currently the statistics collected are summaries only: min/max/avg/total bytes, packets on an aggregate or per-protocol basis.
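An added Python example (not softflowd's code) of the behaviour described above: packets are grouped into flows, idle flows are expired, and each expired flow is folded into per-protocol min/max/avg/total summaries. The 60-second idle timeout, the one-direction 5-tuple flow key, the class and function names and the sample packets are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Flow:
    first: float
    last: float
    packets: int = 0
    octets: int = 0

class FlowTracker:
    def __init__(self, idle_timeout=60.0):       # assumed value, in seconds
        self.idle_timeout = idle_timeout
        self.active = {}                         # 5-tuple -> Flow
        self.exported = []                       # stand-in for NetFlow export
        self.stats = defaultdict(lambda: dict(flows=0, packets=0, octets=0,
                                              min=None, max=0))

    def packet(self, ts, proto, src, sport, dst, dport, length):
        self.expire(ts)                          # age out idle flows first
        key = (proto, src, sport, dst, dport)    # one direction per flow here
        flow = self.active.setdefault(key, Flow(first=ts, last=ts))
        flow.last = ts
        flow.packets += 1
        flow.octets += length

    def expire(self, now, force=False):
        for key, flow in list(self.active.items()):
            if force or now - flow.last > self.idle_timeout:
                del self.active[key]
                self.exported.append((key, flow))
                s = self.stats[key[0]]           # per-protocol summary
                s["flows"] += 1
                s["packets"] += flow.packets
                s["octets"] += flow.octets
                s["min"] = flow.octets if s["min"] is None else min(s["min"], flow.octets)
                s["max"] = max(s["max"], flow.octets)

    def average_octets(self, proto):
        s = self.stats[proto]
        return s["octets"] / s["flows"] if s["flows"] else 0.0

# Constructed sample packets: (time, proto, src, sport, dst, dport, bytes)
SAMPLE = [(0.0, "tcp", "192.0.2.1", 40000, "192.0.2.2", 443, 100),
          (1.0, "tcp", "192.0.2.1", 40000, "192.0.2.2", 443, 300),
          (2.0, "udp", "192.0.2.3", 5353, "192.0.2.9", 53, 80),
          (90.0, "tcp", "192.0.2.1", 40001, "192.0.2.2", 443, 60)]

def run_sample():
    tracker = FlowTracker()
    for pkt in SAMPLE:
        tracker.packet(*pkt)
    tracker.expire(SAMPLE[-1][0], force=True)    # flush remaining flows
    return tracker
```

The packet at t=90 arrives after the first two flows have been idle for longer than the timeout, so they are expired and summarised before the new flow is created.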
Softflowd can export using NetFlow version 1, 5 or 9 datagrams and it is fully IPv6 capable: it can track and report on IPv6 traffic and flow export datagrams can be sent to an IPv6 host. Any standard NetFlow collector should be able to process the reports from softflowd.
As softflowd watches traffic promiscuously, it is likely to place additional load on hosts or gateways on which it is installed. However, this implementation has been designed to minimise this load as much as possible. Alternatively, softflowd can read pcap save files recorded from tcpdump and friends.
Unless reading from a traffic dump, softflowd runs as a daemon. A "remote control" program (softflowctl) is included which allows runtime control and extraction of statistics from a daemonised softflowd.
Softflowd is developed on Linux and OpenBSD. It requires libpcap and its associated headers to build; these are available from tcpdump.org, or from your operating system vendor. As of version 0.9, there is some support for Solaris but this is still experimental.
Download
softflowd is now hosted at Google Code. You can download tar releases or pull the current development source from there.