Linux router traffic monitoring, how? netflow?

Fri Nov 14 07:39:51 UTC 2014

Hello

I've used ntop in the past with great success.

ntop.org

Regards

Wayne

On 14 November 2014 02:35, Murat Kaipov <mkaipov at outlook.com> wrote:

> Hello Eliezer.
> Netflow will be the best solution to find the host that's generate load.
> First you need decide what netflow analyzer you'll use. I know about some
> plugin to Cacti. Than you need install IPT-NETFLOW to your Ubuntu router.
> Also you have another way, you can monitor (snmp traffic) all ports on
> switches and then find analyze.
> B.R. Murat
>
>
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Eliezer Croitoru
> Sent: Thursday, November 13, 2014 8:10 PM
> To: nanog at nanog.org
> Subject: Linux router traffic monitoring, how? netflow?
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey all,
>
> I have a tiny linux router based on ubuntu and sometimes I get a massive
> load of UDP traffic because of one of the PCs in the network.
> Usually I handle the situation with a strict block using iptables.
> The main issue is to find it due to the load.
> For now I am monitoring the traffic load using MRTG but it won't notify me.
> I can try to use nagios to monitor traffic load for a period of time but
> before I start working on it I want another person opinion and options.
>
> I have seen netflow in the past but never actually used it.
>
> Thanks in advance,
> Eliezer
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJUZOXKAAoJENxnfXtQ8ZQUnCcIAJn/3LQa1CKl1mBGiWHUvrEZ
> GZIPYKDlDWscVaq2VhJQH/ZcUqX5466YTSLsFQBaCEynLfc4vgk5gBZzyLK9TI1R
> MSDXAQNYvqRGnDG5rBrthCCvSA8UZyqVH9feSXw+U8aiwZcmQz4SSVv86yy288qP
> eFlerXq43QvSzXgMPFFrzwVzcwY3UVg0VMxlqIRIl+sB8dfg6ofau61/lax9ALQ4
> cfxE674vxKtQsf319lJTmq/3JMvANzZNYbX0+XnLNIDaCciM/GTT/Xvasq+oigm2
> IE4T0098KMUyBdJx5ewX5d+rawI2283euiY0Co5UnfCYzBnJTj4xZR32Tip53lM=
> =gZaZ
> -----END PGP SIGNATURE-----
>