QoSient commercial and open source technologies are being used this week to help build out and manage the SDN network at the Open Networking Summit in Santa Clara, Calif., USA. The ONS shares and explores the key developments and deployments in the quickly evolving world of OpenFlow/SDN, bringing together engineers, business leaders and researchers, and creating a complete ecosystem of all the key SDN stakeholders.
Argus @ ONS is the direct result of the work we've been doing with Pluribus Networks and Stanford University, at the Stanford SDN testbed, where Argus is the situational awareness technology for a large chunk of Stanford's campus network.
If you have a chance, go by and tell Chas, Hi !!!!
The current set of stable source code can be grabbed from these links:
Argus FloCon 2014 presentations are now available from FloCon Proceedings. Be sure to check out the Argus PCR presentation, where we show the new Producer / Consumer Ratio metric and how it can be used to detect exfiltration, even DNS covert channel based exfiltration.
Argus-3.0.6 is now being used to drive some really great network visualizations for GLORIAD, the advanced science internet network that connects US, Russia, China, Korea, Canada, The Netherlands, India, Egypt, Singapore and Nordic scientists with Advanced Cyberinfrastructure. Check out the various visualizations, including GLORIAD Earth.
Welcome to Argus, the network Audit Record Generation and Utilization System. The Argus Project is focused on developing all aspects of large scale network activity audit. Argus, itself, is advanced flow technology, going from packets on the wire to network flow data, to network forensics data; all in support of Network Operations, Performance and Security Management. If you need to know what is going on in your network, right now or way back then, you will find Argus a useful tool.
Argus is composed of an advanced comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc.), protocol IDs, SAPs, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc.
Argus is used by many sites to establish network activity audits, which are then used to supplement traditional IDS based network security. These sites use contemporary IDS technology like Snort and/or Bro to generate events and alarms, and then use the Argus network audit data to provide context for those alarms. In many do-it-yourself efforts, Argus runs concurrently with an IDS/IPS on the same high performance device. The network audit data that Argus generates is great for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, and detecting very slow scans and covert channels, and it supports zero-day event analysis. The network transaction audit data that Argus generates has also been used for a wide range of other tasks including Network Billing and Accounting, Operations Management and Performance Analysis.
Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, Windows (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with little or no modification. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.
Page Last Modified: 14:03:22 EST 03 Mar 2014 © Copyright 2000 - 2014 QoSient, LLC. All Rights Reserved.