3 comments on “Introducing FlowBAT, the Flow Analysis GUI

  1. This looks really cool! Does FlowBAT ( or SiLK for that matter ) de-duplicate flows for traffic passing through multiple flow-enabled routers?

    • Hey JG3!

      It doesn't deduplicate flows like this, but it does identify each individual router as a different flow source. Thus, you would be able to identify traffic flowing through your network as it hits multiple sensor. A really useful feature for tracking connections. You can do also narrow down which sensors you want to view using the --sensors option from the command line or using the Sensors box in the query builder in FlowBAT.

Leave a Reply