pmacct - Multi-Purpose Passive Network Monitoring Tools | HACK4NET

pmacct is a small set of multi-purpose passive network monitoring tools. It can account, classify, aggregate, replicate and export forwarding-plane data, ie. IPv4 and IPv6 traffic; collect and correlate control-plane data via BGP and BMP; collect infrastructure data via Streaming Telemetry. Each component works both as a standalone daemon and as a thread of execution for correlation purposes (ie. enrich NetFlow with BGP data). pmacct main features are:

Suitable to ISP, IXP, CDN, IP carrier, Cloud, DC and hot-spots enviroments and SDN solutions
Runs on Linux, BSDs, Solaris and embedded systems
Support for both IPv4 and IPv6
Collects data through libpcap, Netlink/NFLOG, NetFlow v1/v5/v7/v8/v9, sFlow v2/v4/v5 and IPFIX
Collects Streaming Telemetry data (from 1.6.0)
Supports Cisco NEL for CGNAT scenarios and Cisco NSEL
Saves data to a number of backends including:

Relational databases: MySQL, PostgreSQL and SQLite
noSQL databases: MongoDB and BerkeleyDB
AMQP message exchanges: RabbitMQ
Kafka message brokers
memory tables
flat files

Exports data to remote collectors through IPFIX, NetFlow v5/v9 and sFlow v5
Replicates incoming IPFIX, NetFlow and sFlow packets to remote collectors
Flexible architecture to tag, filter, redirect, aggregate and split captured data
Comes with:

a BGP daemon/thread for efficient visibility into the inter-domain routing plane. Read more here.

Supports BGP/MPLS VPNs rfc4364, Label Unicast rfc3107
Supports BGP ADD-PATHs (draft-ietf-idr-add-paths) for visibility of BGP multi-path routes
Can log live BGP messaging and/or dump BGP tables per peer at regular time interval

a BMP daemon/thread to gain insight in BGP data, events and statistics
an IS-IS/IGP daemon/thread for visibility of internal routes

Packet classification via nDPI (from 1.7.0)
Inspection of tunnelled traffic (ie. GTP)
GeoIP lookups leveraging Maxmind library
Pluggable architecture for easy integration of new capturing environments and data backends
Careful SQL support: data pre-processing, triggers, dynamic table naming
It's free, open-source, developed and supported with passion and open mind for more than 10 years

Github Project

Suitable to ISP, IXP, CDN, IP carrier, Cloud, DC and hot-spots enviroments and SDN solutions
Runs on Linux, BSDs, Solaris and embedded systems
Support for both IPv4 and IPv6
Collects data through libpcap, Netlink/NFLOG, NetFlow v1/v5/v7/v8/v9, sFlow v2/v4/v5 and IPFIX
Collects Streaming Telemetry data (from 1.6.0)
Supports Cisco NEL for CGNAT scenarios and Cisco NSEL
Saves data to a number of backends including:

Relational databases: MySQL, PostgreSQL and SQLite
noSQL databases: MongoDB and BerkeleyDB
AMQP message exchanges: RabbitMQ
Kafka message brokers
memory tables
flat files

Exports data to remote collectors through IPFIX, NetFlow v5/v9 and sFlow v5
Replicates incoming IPFIX, NetFlow and sFlow packets to remote collectors
Flexible architecture to tag, filter, redirect, aggregate and split captured data
Comes with:

a BGP daemon/thread for efficient visibility into the inter-domain routing plane. Read more here.

Supports BGP/MPLS VPNs rfc4364, Label Unicast rfc3107
Supports BGP ADD-PATHs (draft-ietf-idr-add-paths) for visibility of BGP multi-path routes
Can log live BGP messaging and/or dump BGP tables per peer at regular time interval

a BMP daemon/thread to gain insight in BGP data, events and statistics
an IS-IS/IGP daemon/thread for visibility of internal routes

Packet classification via nDPI (from 1.7.0)
Inspection of tunnelled traffic (ie. GTP)
GeoIP lookups leveraging Maxmind library
Pluggable architecture for easy integration of new capturing environments and data backends
Careful SQL support: data pre-processing, triggers, dynamic table naming
It's free, open-source, developed and supported with passion and open mind for more than 10 years

Github Project