Network Traffic Collection
Peter Phaal
peter.phaal at gmail.com
Thu Feb 23 23:41:20 UTC 2012
On Thu, Feb 23, 2012 at 1:59 PM, Justin M. Streiner
<streiner at cluebyfour.org> wrote:
> On Thu, 23 Feb 2012, Maverick wrote:
>
>> I want to be able to see information like how much traffic an IP sends
>> over a period of time, what machines it talked to, etc. From this
>> perspective it should be IP based, but I would really like to know how
>> other people do it.
>
>
> Truth is that most people probably don't do it, beyond temporary, ad-hoc
> deployments, to solve a specific problem at a specific point in time.
> Traffic capture and analysis doesn't scale too well into multi-Gb/s service
> provider environments.
>
> Netflow tools are an option if 'reasonably accurate' is good enough for your
> needs.
>
> jms
>
For high speed switched Ethernet environments, consider using sFlow.
You can treat sFlow as remote packet capture and use Wireshark/tcpdump
for troubleshooting network traffic:
http://blog.sflow.com/2011/11/wireshark.html
Or use sFlow reporting tools to find IP sources, protocols etc.:
http://sflow.org/products/collectors.php
Which tool to choose depends on your requirements.
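
Added example, not part of the original message and not code from any sFlow tool: one way to answer the per-IP questions raised in this thread (how much traffic an IP sent in a period, and which machines it talked to) from packet samples. It assumes flow samples have already been decoded into (time, source, destination, frame length, sampling rate) records; that record layout, the function names and the sample values are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed records, as if already decoded from sFlow flow samples:
# (unix time, source IP, destination IP, frame length in bytes, sampling rate 1-in-N)
SAMPLES = [
    (1330040400, "192.0.2.10", "198.51.100.7", 1500, 1000),
    (1330040402, "192.0.2.10", "198.51.100.7", 1500, 1000),
    (1330040405, "192.0.2.10", "203.0.113.5", 64, 1000),
    (1330040409, "192.0.2.22", "198.51.100.7", 400, 500),
    (1330040500, "192.0.2.10", "203.0.113.9", 1500, 1000),  # outside the window used below
]

@dataclass
class HostUsage:
    est_bytes: int = 0      # estimated bytes sent (scaled up from samples)
    est_packets: int = 0    # estimated packets sent
    samples: int = 0        # raw sample count, an indicator of confidence
    peers: set = field(default_factory=set)

def summarize(samples, start, end):
    """Estimate per-source traffic in [start, end) from sampled packets."""
    usage = defaultdict(HostUsage)
    for ts, src, dst, length, rate in samples:
        if not (start <= ts < end):
            continue
        host = usage[src]
        # A 1-in-N sample stands for roughly N packets of similar size.
        host.est_bytes += length * rate
        host.est_packets += rate
        host.samples += 1
        host.peers.add(dst)
    return dict(usage)

def top_talkers(usage, n=10):
    """Return the n sources with the highest estimated byte count."""
    return sorted(usage.items(), key=lambda kv: kv[1].est_bytes, reverse=True)[:n]

if __name__ == "__main__":
    for ip, u in top_talkers(summarize(SAMPLES, 1330040400, 1330040460)):
        print(f"{ip}: ~{u.est_bytes} bytes, ~{u.est_packets} packets "
              f"({u.samples} samples), peers: {sorted(u.peers)}")
```

The peer set only contains destinations that happened to be sampled, and byte estimates built from a handful of samples are coarse; both improve as the number of samples in the window grows.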
More information about the NANOG mailing list