• PRODUCTS
  • INAV Server
  • INAV Client
    • GUI Client
    • Terminal Client
  • Traffic Generator
• DOWNLOAD
  • INAV Server
  • INAV Client
• ABOUT
  • Abstract
  • Video
  • Developers
    • Jeff Scaparra
    • Nathan Robinson
• SCREENSHOTS
  • Client
  • Defcon
• FAQ
  • Server
  • Client
    • GUI Client
    • Terminal Client
  • Traffic Generator
• DOCUMENTATION
  • User Guides
  • White Papers
• SUPPORT
  • Support Forum
  • Feature Request
  • Report a Bug
• MAILING LIST

The INAV server, inavd, is the workhorse of the INAV system. It provides data collection and processing of tens of thousands of connection information in real time. The server is multithreaded and utilizes the pcap library for sniffing of raw packets from the network.

The INAV server passively analyzes traffic and produce highly valuable informationin in real time.

As with any software, the better the hardware that it runs on the better the application will run. That said the INAV server can be used even in a production environment with realatively cheap hardware.

The server currently running in our testbed that is processing the data for the entire computer science department at a large university is:

• 1.4 Ghz PIII
• 512 KB Cache
• 512 MB RAM
• Gentoo Linux 2.6

Raw Data Capture - via monitor port on a switch

Pros

• Can See all the Traffic that the switch can see.
• Most managed switches can provide this data.

Cons

• If there is more data going across the backplane of the switch than the port can handle this data is droped.

Raw Data Capture - via network tap

Pros

• Can see all the traffic on the link that is tapped.
• As long as the tap interface is the same speed as the link packets won't be droped as when using the monitor port.

Cons

• Requires a network tap.
• Can't see any traffic that isn't traversing the link. So if this is on the border connection local traffic information is lost.

Local Computer

Pros

• Doesn't require any additional hardware.
• Good for mapping data on a personal computer.

Cons

• Can only see data to and from your computer/server.
• Server is only written for Linux

SFlow Data

SFlow is currently under development and is not ready for use.

Pros

• Can handle more traffic than all other methods.
• Can see all traffic sent by sflow devices.

Cons

• Requires special expensive hardware.
• Can't get exact bandwidth measurements.

Netflow Data

Netflow is planed for future development.

Pros

• Gathers packet data for all packets allowing acturate measurements of bandwidth.
• Can see all traffic sent by netflow devices.

Cons

• Not all switches are netflow capable.

The INAV server has the following requirements.

• The pcap library
• cppunit (optionally)

Stable Release

1. Download INAV-server.tar.gz
2. Untar the package - tar xzvf INAV-server.tar.gz
3. cd server
4. make

Subversion

WARNING this maybe broken, it is the developmental release.

1. svn co http://inav.scaparra.com/INAV/server/
2. cd server
3. make