nanog mailing list archives

Traffic visibility tools


From: Kenny Taylor <kenny.taylor () kccd edu>
Date: Wed, 24 Jul 2019 16:16:50 +0000

Good morning,

I hate to pull away from the 44/8 fire (KJ6BSQ here, and former AMPRnet user), but I'd like to get some advice from the 
community on traffic visibility tools.

We use a pair of appliances called Exinda for traffic shaping and visibility.  The current appliances are 
end-of-support and the replacements are hugely expensive after GFI acquired Exinda.  Traffic shaping is less of a 
concern now, as circuit speeds have caught up with our users, but visibility is still a big need.  Those boxes do two 
things very well:  1) identification of FQDNs using SSL cert inspection on HTTPS traffic and 2) categorization of the 
traffic (i.e. Netflix, YouTube, etc.).  We have NetFlow monitoring using PRTG, but seeing something like 
'ec2-34-214-76-39.us-west-2.compute.amazonaws.com' in NetFlow logs isn't very useful.

We're looking for something that could sit either inline or hang off a SPAN port, handle 5-10 Gbit of traffic, do the 
SSL cert FQDN identification, and preferably group results by site/subnet/category.  What would you guys recommend?

Thanks,

Kenny Taylor
WAN Engineer
Kern Community College District

