Interesting netflow entry
Wil Schultz
wschultz at wilcomm.net
Tue Feb 7 00:30:33 UTC 2006
Bill Nash wrote:
> You may find it far simpler to just ask the person who owns the
> sources what those packets are. While this may not be politically
> feasible (insert network and privacy policies here), given the amount
> of VPN traffic that's encapsulated in UDP, that may be anything. The
> problem with netflow is that it does reveal many interesting, hypnotic
> patterns inside your network. Having spent my share of time on the
> receiving end of that lunacy, I can only offer this advice: Drinking
> from the firehose is only funny for a little while.
>
> Depending on your deployment method (transit flow monitoring vs
> locally sourced, data center vs office campus, college campus vs four
> hippies with tin cans), identifying flows may be far easier if you
> have a network inventory to refer to. Even something as simple as
> parsing XML output from NMAP into a db will give you better insight
> into what your flows are.
>
> Incidentally (because I ask everyone this), what's your flow volume
> (flows per second)?
>
> - billn
>
Cannot get ahold of the machine until tomorrow. I did a 'wc' on 4
devices for 5 minutes and it comes out to just under 3600, about 11-12
per second...
-Wil
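
Bill Nash's suggestion above of parsing NMAP XML output into a db to identify flows, sketched as an added example that is not part of the original thread. The schema, the function names `load_inventory` and `label_flow`, and the sample scan and flow records are assumptions constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output (documentation address ranges).
NMAP_XML = """<nmaprun scanner="nmap">
<host><address addr="192.0.2.10" addrtype="ipv4"/>
 <hostnames><hostname name="vpn-gw.example.net" type="PTR"/></hostnames><ports>
 <port protocol="udp" portid="500"><state state="open"/><service name="isakmp"/></port>
 <port protocol="udp" portid="4500"><state state="open"/><service name="nat-t-ike"/></port>
</ports></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/><hostnames/><ports>
 <port protocol="tcp" portid="25"><state state="open"/><service name="smtp"/></port>
 <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
</ports></host>
</nmaprun>"""

def load_inventory(xml_text, db):
    """Store every open port from an nmap XML report in table `inventory`."""
    db.execute("CREATE TABLE IF NOT EXISTS inventory (ip TEXT, proto TEXT,"
               " port INTEGER, service TEXT, hostname TEXT, PRIMARY KEY (ip, proto, port))")
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        name = host.find("hostnames/hostname")
        hostname = name.get("name") if name is not None else ""
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports do not explain a flow
            svc = port.find("service")
            db.execute("INSERT OR REPLACE INTO inventory VALUES (?,?,?,?,?)",
                       (addr.get("addr"), port.get("protocol"), int(port.get("portid")),
                        svc.get("name") if svc is not None else "unknown", hostname))

def label_flow(db, src, sport, dst, dport, proto):
    """Return (ip, service, hostname) for whichever endpoint is inventoried, else None."""
    return db.execute(
        "SELECT ip, service, hostname FROM inventory WHERE proto = ?"
        " AND ((ip = ? AND port = ?) OR (ip = ? AND port = ?))",
        (proto, dst, dport, src, sport)).fetchone()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load_inventory(NMAP_XML, db)
    # Constructed flow records: (src, sport, dst, dport, proto)
    for flow in [("198.51.100.7", 51515, "192.0.2.10", 4500, "udp"),
                 ("192.0.2.20", 25, "203.0.113.9", 40000, "tcp"),
                 ("198.51.100.7", 40000, "192.0.2.99", 31337, "udp")]:
        print(flow, "->", label_flow(db, *flow) or "not in inventory")
```

Flows that come back unlabelled are the ones left to ask the owner about.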
More information about the NANOG mailing list