Extended NetMate

NetMate is an extensible Open Source packet processing software for traffic measurements (bandwidth, delay/loss, etc.).

The Network Security Research Team at CRC has extended NetMate to include traffic profiling capabilities. The extended version analyses TCP/UDP flows to determine whether these flows contain signs of file transfers, human-interactivity, and other important behavioural characteristics. This version of the tool can be a very nice addition to the toolbox of network security analysts.

Tested on FreeBSD 7.1 amd64/i386
(1.0 MB)

This program is distributed under the GNU General Public License in the hopes that it will be useful, but WITHOUT ANY WARRANTY.

There are basic installation/usage instructions in the README.CRC file included in the release. This release also includes samples of signatures for profiling flows.

If you wish to obtain further documentation or more signatures, please contact the Network Security Research Team at networksystems-security@crc.gc.ca.

For more information on this subject, please consult the publications.