Network Traffic Collection

Peter Phaal peter.phaal at gmail.com
Thu Feb 23 23:41:20 UTC 2012


On Thu, Feb 23, 2012 at 1:59 PM, Justin M. Streiner
<streiner at cluebyfour.org> wrote:
> On Thu, 23 Feb 2012, Maverick wrote:
>
>> I want to be able to see information like how much traffic an IP sends
>> over a period of time, what machines it talked to, etc. From this
>> perspective it should be IP based, but I would really like to know how
>> other people do it.
>
>
> Truth is that most people probably don't do it, beyond temporary, ad-hoc
> deployments, to solve a specific problem at a specific point in time.
> Traffic capture and analysis doesn't scale too well into multi-Gb/s service
> provider environments.
>
> Netflow tools are an option if 'reasonably accurate' is good enough for your
> needs.
>
> jms
>

For high speed switched Ethernet environments, consider using sFlow.

You can treat sFlow as remote packet capture and use Wireshark/tcpdump
for troubleshooting network traffic:

http://blog.sflow.com/2011/11/wireshark.html

Or use sFlow reporting tools to find IP sources, protocols etc.:

http://sflow.org/products/collectors.php

Which tool to choose depends on your requirements.
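
[Added example, not part of the original message or of any sFlow project code.] A sketch of the per-IP reporting asked about in the thread: it totals estimated bytes and peers per source IP from sampled flow records, scaling each sample by its sampling rate. The 20-field CSV layout is an assumption modelled on `sflowtool -l` FLOW lines, and the sample lines are constructed.

```python
import csv
from collections import defaultdict

# Constructed sample input. Assumed field order for FLOW lines:
# FLOW,agent,inPort,outPort,srcMAC,dstMAC,ethType,inVlan,outVlan,srcIP,dstIP,
# ipProto,tos,ttl,srcPort,dstPort,tcpFlags,packetSize,ipSize,samplingRate
SAMPLE_LINES = """\
FLOW,192.0.2.1,3,7,0020cbba0000,00902773db08,0x0800,0,0,10.0.0.138,10.0.0.1,6,0x00,64,51514,80,0x18,1518,1500,512
FLOW,192.0.2.1,3,7,0020cbba0000,00902773db08,0x0800,0,0,10.0.0.138,10.0.0.2,17,0x00,64,35690,53,0x00,90,72,512
CNTR,192.0.2.1,3,6,1000000000
FLOW,192.0.2.1,7,3,00902773db08,0020cbba0000,0x0800,0,0,10.0.0.1,10.0.0.138,6,0x00,64,80,51514,0x10,64,46,512
FLOW,truncated,line
""".splitlines()

SRC_IP, DST_IP, PKT_SIZE, RATE = 9, 10, 17, 19  # column indexes (assumed layout)


def summarize(lines):
    """Return {src_ip: {"est_bytes": int, "samples": int, "peers": set}}."""
    hosts = defaultdict(lambda: {"est_bytes": 0, "samples": 0, "peers": set()})
    for row in csv.reader(lines):
        # Skip counter records and truncated or malformed lines.
        if len(row) != 20 or row[0] != "FLOW":
            continue
        try:
            size, rate = int(row[PKT_SIZE]), int(row[RATE])
        except ValueError:
            continue
        entry = hosts[row[SRC_IP]]
        # One sampled packet stands for roughly `rate` packets on the wire,
        # so the byte total is a statistical estimate, not an exact count.
        entry["est_bytes"] += size * rate
        entry["samples"] += 1
        entry["peers"].add(row[DST_IP])
    return dict(hosts)


def top_talkers(summary, n=10):
    """Source IPs ordered by estimated bytes sent, largest first."""
    ranked = sorted(summary.items(), key=lambda kv: kv[1]["est_bytes"], reverse=True)
    return [(ip, stats["est_bytes"]) for ip, stats in ranked[:n]]


if __name__ == "__main__":
    summary = summarize(SAMPLE_LINES)
    for ip, est in top_talkers(summary):
        peers = ", ".join(sorted(summary[ip]["peers"]))
        print(f"{ip}: ~{est} bytes, {summary[ip]['samples']} samples, peers: {peers}")
```

The fewer samples behind a host's total, the looser its estimate, so low-volume hosts need a longer collection window before their numbers mean much.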




More information about the NANOG mailing list