Network Traffic Collection

Thu Feb 23 23:30:52 UTC 2012

Netflow / Sflow with one of the fallowing software packages

http://www.plixer.com/products/netflow-sflow/scrutinizer-netflow-sflow.php
http://www.solarwinds.com/NetFlow

http://www.arbornetworks.com/
Or the hand full of other open source options out there.

Carlos Alcantar
Race Communications / Race Team Member
101 Haskins Way, So. San Francisco, CA. 94080
Phone: +1 415 376 3314 / carlos at race.com / http://www.race.com

-----Original Message-----
From: Maverick <myeaddress at gmail.com>
Date: Thu, 23 Feb 2012 15:19:24 -0500
To: Jeroen Massar <jeroen at unfix.org>
Cc: "nanog at nanog.org" <nanog at nanog.org>
Subject: Re: Network Traffic Collection

I want to be able to see information like how much traffic an ip send
over a period of time, what machines it talked to etc from this
perspective it should be IP based but I would really like to know how
other people do it.

Best,
Ali

On Thu, Feb 23, 2012 at 3:14 PM, Jeroen Massar <jeroen at unfix.org> wrote:
> On 2012-02-23 21:11 , Maverick wrote:
>> Hello,
>>
>> I am trying to collect traffic traffic from pcap file and store it in
>> a database but really confused how to organize it. Should I organize
>> it on connection basis/ flow basis or IP basis.
>>
>> It might be an effort to write a customized traffic analysis tool like
>> wireshark with only required functionality. I would really appreciate
>> if someone can give me direction on write way of organizing the data
>> because right now I only see individual packets and no way of putting
>> them in some order.
>
> Does this all not completely depend on what you actually want to do with
> it? You might want to start there instead of the other way around.
>
> Greets,
>  Jeroen
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5571 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20120223/aea022a7/attachment.bin>