nanog mailing list archives
Re: Techniques for passive traffic capturing
From: "Kevin Kadow" <kkadow+pottedmeatproduct () gmail com>
Date: Mon, 23 Jun 2008 22:00:06 -0500
We started out with SPAN ports, then moved on to Netoptics taps. Lately we've been using a combination of Cisco Netflow (from remote routers), and native Argus flows (from local taps) where we need more details. Flows are useful to answer "What happened X minutes/hours/days ago?", and where you do not need/want to capture full packet bodies (though with Argus you can choose whether to include payload data). http://qosient.com/argus/
Current thread:
- Techniques for passive traffic capturing Ross Vandegrift (Jun 23)
- Re: Techniques for passive traffic capturing Nathan Ward (Jun 23)
- Re: Techniques for passive traffic capturing Ross Vandegrift (Jun 24)
- Re: Techniques for passive traffic capturing Matt Cable (Jun 25)
- Re: Techniques for passive traffic capturing Ross Vandegrift (Jun 24)
- Re: Techniques for passive traffic capturing Kevin Kadow (Jun 23)
- Re: Techniques for passive traffic capturing Ross Vandegrift (Jun 24)
- Re: Techniques for passive traffic capturing Justin Shore (Jun 24)
- Re: Techniques for passive traffic capturing Nathan Ward (Jun 23)