Let's talk about Distance Sniffing/Remote Visibility

Chance Whaley chance at dreamscope.com
Thu Mar 28 18:03:17 UTC 2002


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Also note that sFlow can export its data into tcpdump format.

.chance


From: http://www.inmon.com/sflowTools.htm

The sFlow toolkit provides command line utilities and scripts for
analyzing sFlow data. 

The core component of the sFlow toolkit is the sflowtool command line
utility. sflowtool interfaces to utilities such as tcpdump, ntop and
Snort for detailed packet tracing and analysis, NetFlow compatible
collectors for IP flow accounting, and provides text based output
that can be used in scripts to provide customized analysis and
reporting and for integrating with other tools such as MRTG or
rrdtool.

For example, the command:

sflowtool -t | tcpdump -r -

will provide a decoded packet trace. Advanced packet filtering is
easily performed using tcpdump. In addition, many other packet
analyzers are capable of processing packets in tcpdump format.




> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On 
> Behalf Of Tony Wasson
> Sent: Thursday, March 28, 2002 8:43 AM
> To: Pete Kruckenberg
> Cc: nanog at merit.edu
> Subject: Re: Let's talk about Distance Sniffing/Remote Visibility
> 
> 
> 
> sFlow is great! I've used InMon's (www.inmon.com) sFlow probe 
> along with the xRMON built into some HP switches to get 
> packet sampling. The math on packet sampling is pretty deep. 
> NTOP also supports sFlow and it is open source. www.ntop.org
> 
> Tony Wasson
> 
> ----- Original Message -----
> From: "Pete Kruckenberg" <pete at kruckenberg.com>
> To: <nanog at merit.edu>
> Sent: Thursday, March 28, 2002 8:12 AM
> Subject: Re: Let's talk about Distance Sniffing/Remote Visibility
> 
> 
> >
> > On Thu, 28 Mar 2002 CARL.P.HIRSCH at sargentlundy.com wrote:
> > > It seems to me that the means available are A) a very expensive
> > > distributed NAI Sniffer installation B) standard RMON probes and the
> > > NMS of your choice and C) A linux box with a ton of interfaces
> > > running Ethereal accessed via Xwindows/VNC/whatever.
> >
> > I am starting to deploy GigE as a WAN technology. One nice benefit is
> > that the equipment (Cisco 6500/7600 class) has capabilities not
> > usually found in routers (such as remote port mirroring). Coupled with
> > VLAN ACL's, this can be quite useful for ad-hoc remote
> > diagnostics.
> >
> > One particularly interesting adaptation is sFlow (RFC 3176), currently
> > only implemented by Foundry (I don't know of any other vendors
> > planning to implement sFlow). sFlow is usually pitched against
> > Netflow, I see it more as a diagnostic tool. It works quite like port
> > mirroring, but also allows sampling and only sends header information
> > to the collection server.
> >
> > Pete.
> >
> >
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPKNa5C+t+bSN12wHEQJb7ACgl3o1lBRSLME/jerFPSZIWtNtdgoAoOR+
ve3DiXjpnhQVg1hPgBP4e+Tn
=YQ4G
-----END PGP SIGNATURE-----
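
How a header-only sample fits into tcpdump format, as an added example (not part of the original message and not code from the sFlow toolkit): each classic pcap record stores a captured length and an original length separately, so a sampled header keeps the true frame size. The sample headers, addresses, timestamps and the 1-in-512 sampling rate below are constructed assumptions.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1

def sampled_header(ip_total_len):
    """Constructed 54-byte Ethernet/IPv4/TCP header, standing in for one sample."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total_len, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, 0x10, 65535, 0, 0)
    return eth + ip + tcp

# Constructed samples: (ts_sec, ts_usec, header_bytes, original_frame_length)
SAMPLES = [
    (1017338597, 0, sampled_header(1500), 1514),
    (1017338598, 250000, sampled_header(576), 590),
]

def write_pcap(samples, snaplen=128):
    """Serialize header-only samples as a little-endian classic pcap stream."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0,
                                snaplen, LINKTYPE_ETHERNET))
    for sec, usec, hdr, frame_len in samples:
        hdr = hdr[:snaplen]                  # never store more than snaplen
        # caplen = bytes present in the file, origlen = size on the wire
        out += struct.pack("<IIII", sec, usec, len(hdr), frame_len) + hdr
    return bytes(out)

def read_pcap(data):
    """Parse the stream back, rejecting truncated or foreign input."""
    if len(data) < 24 or struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap stream")
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        sec, usec, caplen, origlen = struct.unpack_from("<IIII", data, off)
        off += 16
        if off + caplen > len(data):
            raise ValueError("record claims more bytes than the stream holds")
        records.append((sec, usec, data[off:off + caplen], origlen))
        off += caplen
    return records

def estimate_bytes(records, sampling_rate):
    """Scale sampled original lengths by the 1-in-N rate (assumed known)."""
    return sum(origlen for _, _, _, origlen in records) * sampling_rate
```

Writing the bytes returned by `write_pcap(SAMPLES)` to a file gives a trace that `tcpdump -r` can read, with each packet shown as truncated to its sampled header.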



