Next: Investigation strategy
Up: Using the commandline interface
Previous: The easy way out
In this section, we give an overview of the available tools. More complete documentation on these tools is available on the Silktools website. The goal of this section is to provide a starting point.
Criteria for filtering flows are specified with the rwfilter tool. rwfilter accepts a set of field definitions and outputs the matching flows in SiLK format, which can be piped to other tools for further processing. These post-processing tools include:
- rwaddrcount to count source and destination IP addresses in the output.
- rwbag to build a binary bag file that contains populations of sub-flows.
- rwcat to simply display the flows.
- rwcount to display traffic variation across time.
- rwset to build an ipset of all destination IP addresses.
- rwtotal to report the amount of traffic that matched the specified keys.
- rwuniq to aggregate data based on arbitrary keys.
- rwipset to build a binary ipset (in a format supported by rwfilter) from a list of IP addresses.
These are the most commonly used tools, amongst a few dozen others that you may consider using if your needs are complex.
2008-09-23