Home page logo
/

nanog logo nanog mailing list archives

Re: Network Traffic Collection
From: Peter Phaal <peter.phaal () gmail com>
Date: Thu, 23 Feb 2012 15:41:20 -0800

On Thu, Feb 23, 2012 at 1:59 PM, Justin M. Streiner
<streiner () cluebyfour org> wrote:
On Thu, 23 Feb 2012, Maverick wrote:

I want to be able to see information like how much traffic an ip send
over a period of time, what machines it talked to etc from this
perspective it should be IP based but I would really like to know how
other people do it.


Truth is that most people probably don't do it, beyond temporary, ad-hoc
deployments, to solve a specific problem at a specific point in time.
Traffic capture and analysis doesn't scale too well into multi-Gb/s service
provider environments.

Netflow tools are an option if 'reasonably accurate' is good enough for your
needs.

jms


For high speed switched Ethernet environments, consider using sFlow.

You can treat sFlow as remote packet capture and use Wireshark/tcpdump
for troubleshooting network traffic:

http://blog.sflow.com/2011/11/wireshark.html

Or use sFlow reporting tools to find IP sources, protocols etc.:

http://sflow.org/products/collectors.php

Which tool to choose depends on your requirements.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault