Interesting netflow entry

Wil Schultz wschultz at wilcomm.net
Tue Feb 7 00:30:33 UTC 2006


Bill Nash wrote:

> You may find it far simpler to just ask the person who owns the 
> sources what those packets are. While this may not be politically 
> feasible (insert network and privacy policies here), given the amount 
> of VPN traffic that's encapsulated in UDP, that may be anything. The 
> problem with netflow is that it does reveal many interesting, hypnotic 
> patterns inside your network. Having spent my share of time on the 
> receiving end of that lunacy, I can only offer this advice: Drinking 
> from the firehose is only funny for a little while.
>
> Depending on your deployment method (transit flow monitoring vs 
> locally sourced, data center vs office campus, college campus vs four 
> hippies with tin cans), identifying flows may be far easier if you 
> have a network inventory to refer to. Even something as simple as 
> parsing XML output from NMAP into a db will give you better insight 
> into what your flows are.
>
> Incidentally (because I ask everyone this), what's your flow volume 
> (flows per second)?
>
> - billn
>
Cannot get ahold of the machine until tomorrow. I did a 'wc' on 4 
devices for 5 minutes and it comes out to just under 3600, about 11-12 
per second...

-Wil



