MAPI, or Monitoring API, is a multi-user programming interface designed to simplify the development of network monitoring software and allows users to express their monitoring needs in a device-independent way. The main abstraction provided by MAPI is the network flow. Although flows have been used before in network monitoring systems, MAPI gives flows a first-class status. Applications that use MAPI can specify which flows or flow statistics they are interested in by applying functions to flows. A MAPI function can be a BPF filter, a string search, a packet counter or something more advanced, such as a NetFlow generator. These functions will automatically run in hardware if the hardware being used supports it.
AnonTool is an open-source implementation of the Anonymization API, which provides an easy to use, flexible, and efficient set of functions for network traffic anonymization. AnonTool operates either on live traffic or on captured packet traces in the tcpdump format. Currently AnonTool supports selective anonymization for the fields of the following protocols: IP, TCP/UDP, HTTP, FTP, Netflow v5 and v9.
Three applications have been implemented on top of this library. One provides basic anonymization functionality for the IP/TCP/UDP protocols, while the other two anonymize version 5 and version 9 NetFlow datagrams, respectively.
Network Emergency Responder & Detector - NERD - is a security monitoring tool that collects and processes NetFlow data. It can detect denial of service (DoS) attacks on your network and raise alarms. NERD can also search through collected NetFlow data to analyse attacks or traffic behaviour.
NERD was developed by SURFnet B.V. and TNO Information and Communication Technology.
Ruler is a program to generate highly efficient data rewriting systems. It was originally designed to filter and anonymize network packets, but it has a much broader range of applications.
Stager is a system for aggregating and presenting network statistics. Though tailored for using NetFlow data from the flow-tools package, it is generic and can be customized to present and process any kind of network statistics. The backend collects data with flow-tools and stores reports in a database, automatically handling the aggregation of hourly statistics into days, weeks, and months. The Web frontend presents data in tables, matrices, or plots. The reports are fully customizable, and their definitions are stored in the database.