Pktvisor: Open source tool for network visibility - Help Net Security

NS1 announced that pktvisor, a lightweight, open source tool for real-time network visibility, is available on GitHub.



The importance of applications and digital services has skyrocketed in 2020. Connectivity and resilience are imperative to keeping people connected and business moving forward. Visibility into network traffic, especially in distributed edge environments and with malicious attacks on the rise, is a critical part of ensuring uptime and performance.


“NS1 created pktvisor to address our need for more visibility across our global anycast network,” said Shannon Weyrick, VP of architecture at NS1. “By efficiently summarizing and collecting key metrics at all of our edge locations we gain a deep understanding of traffic patterns in real time, enabling rich visualization and fast automation which further increase our resiliency and performance. We are big users of and believers in open source software. As this tool will benefit other organizations leveraging distributed edge architectures, we’ve made it open and we invite the developer community to help drive future updates and innovation.”


More about pktvisor


Pktvisor summarizes network traffic in real time directly on edge nodes using Apache DataSketches. The summary information can be visualized locally via the included CLI UI and, at the same time, collected centrally via HTTP into your time series database of choice to drive global visualizations and automation.


Metrics include:


Packet counts and rates (w/percentiles), breakdown by ingress/egress, protocol
DNS counts and rates, breakdown by protocol, response code
Cardinality: Source and destination IP, DNS Qname
DNS transaction timings (w/percentiles)
Top 10 heavy hitters for IPs and ports; DNS Qnames, Qtypes, Result Codes; slow DNS transactions, NX, SRVFAIL, REFUSED Qnames; and GeoIP and ASN