Computer networks are growing, making it difficult to keep track of all the hosts and services running on these hosts on the network. Using traditional methods like port scanning to detect hosts and services is cumbersome, host intrusive, slow and has to be performed continuously in order to be sufficiently updated.
In this thesis, we look at implementing a passive asset detection system using NetFlow. This will allow network administrators to detect hosts and services on the network using network traffic data that they already have collected. It also makes it possible to get a quick glimpse of the network state at a specific time that could be months or even years back in time, the only limitation being the amount of NetFlow data collected.
Unlike other passive asset detection systems, like PRADS, using NetFlow makes us able to handle network traffic speeds up to several Gbit/s, or even Tbit/s. This makes a passive asset detection system using NetFlow data highly scalable and because it is capable of processing a lot of data it also has a high detection rate.