No file releases for now, it's just 3 files!
svn co https://taind.svn.sourceforge.net/svnroot/taind/trunk taind
You'll also need some data to use, ideally from flow-tools or cflowd, and the perl modules listed below
taind - tools for analyzing and interpreting netflow data
I wrote/am writing these tools to help understand my Internet traffic, and help me choose/evaluate peers.
The ideas that spurred this came from a NANOG paper called How to use Netflow Data to determine suitable peers (http://www.nanog.org/mtg-0510/pdf/steenbergen.pdf). Unfortunately the tools aren't available that I can find, so I wrote my own.
In a nutshell, I take netflow data, aggregate it, and spit it out in some XML data that I generate a treemap with. This software covers the aggregation and output part. The netflow collection is done with flow-tools. The thing that makes this software useful is that it accepts the output of "show ip bgp" from one or more routers and will generate the data based on that routing table. Thus, if you get a bgp table from a potential peer, you can see what your traffic would look like if you peer with them -- based on your actual traffic patterns.
The flow of data through the system:
Example:
flow-cat /var/flows/saved/ft-v07.2007-04-11.* \
| flow-nfilter -f /etc/flow-tools/cfg/filter.cfg -F from_network_a \
| flow-print \
| awk '{print $2 " " $7}' \
| ./bgpparse.pl --loadfile table_a,table_b:1234 > with1234-20070411.xml
The first three lines cat the binary netflow log files (line 1) through a filter (line 2) and into text format (line 3). Awk (line 4) removes all but the destination address and the octet count. The final line runs the simulation using two BGP tables. table_a is taken in its entirety, table_b is filtered to only return paths to a peer in AS 1234.
Once the XML file is generated, you can dump it to a treemap:
./treemap.pl with1234-20070411
Use the name of the file without .xml and it will put it in /var/www/html/asn/foo.png. (sorry for the static path, it'll be fixed soon)