Network Traffic Collection

Owen DeLong owen at delong.com
Fri Feb 24 00:38:48 UTC 2012


PCAP is not well suited to what you describe. Most people use Sflow/Cflow/...
instead.

Owen

On Feb 23, 2012, at 12:19 PM, Maverick wrote:

> I want to be able to see information like how much traffic an IP sends
> over a period of time, what machines it talked to, etc. From this
> perspective it should be IP based, but I would really like to know how
> other people do it.
> 
> Best,
> Ali
> 
> On Thu, Feb 23, 2012 at 3:14 PM, Jeroen Massar <jeroen at unfix.org> wrote:
>> On 2012-02-23 21:11 , Maverick wrote:
>>> Hello,
>>> 
>>> I am trying to collect traffic from a pcap file and store it in
>>> a database but am really confused how to organize it. Should I organize
>>> it on connection basis/flow basis or IP basis?
>>> 
>>> It might be an effort to write a customized traffic analysis tool like
>>> wireshark with only required functionality. I would really appreciate
>>> if someone can give me direction on the right way of organizing the data
>>> because right now I only see individual packets and no way of putting
>>> them in some order.
>> 
>> Does this all not completely depend on what you actually want to do with
>> it? You might want to start there instead of the other way around.
>> 
>> Greets,
>>  Jeroen
>> 
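
Added example, not part of the original thread: a sketch of storing traffic on a flow basis (one record per 5-tuple) and then answering the IP-based questions asked above (bytes an IP sent in a period, which machines it talked to) from those records. The packet tuples, function names and the 60-second idle timeout are assumptions made for illustration; in practice the tuples would come from a pcap reader or a flow exporter.

```python
from collections import defaultdict

# Constructed sample: (timestamp, src_ip, dst_ip, proto, src_port, dst_port, bytes)
PACKETS = [
    (100.0, "10.0.0.5", "192.0.2.10", 6, 51000, 443, 600),
    (100.2, "192.0.2.10", "10.0.0.5", 6, 443, 51000, 1400),
    (101.0, "10.0.0.5", "192.0.2.10", 6, 51000, 443, 200),
    (130.0, "10.0.0.5", "198.51.100.7", 17, 53000, 53, 80),
    (130.1, "198.51.100.7", "10.0.0.5", 17, 53, 53000, 160),
    (400.0, "10.0.0.5", "192.0.2.10", 6, 51000, 443, 900),
]

def build_flows(packets, idle_timeout=60.0):
    """Aggregate packets into unidirectional flow records keyed by 5-tuple.
    A gap longer than idle_timeout (assumed value) starts a new record."""
    active, done = {}, []
    for ts, src, dst, proto, sport, dport, length in sorted(packets):
        key = (src, dst, proto, sport, dport)
        flow = active.get(key)
        if flow and ts - flow["last"] > idle_timeout:
            done.append(active.pop(key))      # expire the idle record
            flow = None
        if flow is None:
            flow = active[key] = {"key": key, "first": ts, "last": ts,
                                  "packets": 0, "bytes": 0}
        flow["last"] = ts
        flow["packets"] += 1
        flow["bytes"] += length
    return done + list(active.values())

def ip_summary(flows, ip, start, end):
    """Bytes sent by ip and the peers it exchanged traffic with, taken from
    flow records overlapping [start, end). Resolution is per flow record:
    a record that overlaps the window is counted whole."""
    sent, peers = 0, set()
    for f in flows:
        src, dst = f["key"][0], f["key"][1]
        if f["last"] < start or f["first"] >= end:
            continue
        if src == ip:
            sent += f["bytes"]
            peers.add(dst)
        elif dst == ip:
            peers.add(src)
    return sent, sorted(peers)

if __name__ == "__main__":
    flows = build_flows(PACKETS)
    print(len(flows), ip_summary(flows, "10.0.0.5", 0, 200))
```

Each flow record maps directly to one database row, and the per-IP view is a query over those rows rather than a separate storage layout.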




