Home page logo
/

nanog logo nanog mailing list archives

Re: Network Traffic Collection
From: Owen DeLong <owen () delong com>
Date: Thu, 23 Feb 2012 16:38:48 -0800

PCAP is not well suited to what you describe. Most people use Sflow/Cflow/...
instead.

Owen

On Feb 23, 2012, at 12:19 PM, Maverick wrote:

I want to be able to see information like how much traffic an ip send
over a period of time, what machines it talked to etc from this
perspective it should be IP based but I would really like to know how
other people do it.

Best,
Ali

On Thu, Feb 23, 2012 at 3:14 PM, Jeroen Massar <jeroen () unfix org> wrote:
On 2012-02-23 21:11 , Maverick wrote:
Hello,

I am trying to collect traffic traffic from pcap file and store it in
a database but really confused how to organize it. Should I organize
it on connection basis/ flow basis or IP basis.

It might be an effort to write a customized traffic analysis tool like
wireshark with only required functionality. I would really appreciate
if someone can give me direction on write way of organizing the data
because right now I only see individual packets and no way of putting
them in some order.

Does this all not completely depend on what you actually want to do with
it? You might want to start there instead of the other way around.

Greets,
 Jeroen




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault