Re: Network Traffic Collection

[Carlos Alcantar <carlos () race com>]

Netflow / Sflow with one of the fallowing software packages

http://www.plixer.com/products/netflow-sflow/scrutinizer-netflow-sflow.php
http://www.solarwinds.com/NetFlow

http://www.arbornetworks.com/
Or the hand full of other open source options out there.



Carlos Alcantar
Race Communications / Race Team Member
101 Haskins Way, So. San Francisco, CA. 94080
Phone: +1 415 376 3314 / carlos () race com / http://www.race.com





-----Original Message-----
From: Maverick <myeaddress () gmail com>
Date: Thu, 23 Feb 2012 15:19:24 -0500
To: Jeroen Massar <jeroen () unfix org>
Cc: "nanog () nanog org" <nanog () nanog org>
Subject: Re: Network Traffic Collection

I want to be able to see information like how much traffic an ip send
over a period of time, what machines it talked to etc from this
perspective it should be IP based but I would really like to know how
other people do it.

Best,
Ali

On Thu, Feb 23, 2012 at 3:14 PM, Jeroen Massar <jeroen () unfix org> wrote:
> On 2012-02-23 21:11 , Maverick wrote:
> > Hello,
> >
> > I am trying to collect traffic traffic from pcap file and store it in
> > a database but really confused how to organize it. Should I organize
> > it on connection basis/ flow basis or IP basis.
> >
> > It might be an effort to write a customized traffic analysis tool like
> > wireshark with only required functionality. I would really appreciate
> > if someone can give me direction on write way of organizing the data
> > because right now I only see individual packets and no way of putting
> > them in some order.
>
> Does this all not completely depend on what you actually want to do with
> it? You might want to start there instead of the other way around.
>
> Greets,
>  Jeroen

Attachment: smime.p7s
Description: