Re: Network Traffic Collection

[Peter Phaal <peter.phaal () gmail com>]

On Thu, Feb 23, 2012 at 1:59 PM, Justin M. Streiner
<streiner () cluebyfour org> wrote:
> On Thu, 23 Feb 2012, Maverick wrote:
>
> > I want to be able to see information like how much traffic an ip send
> > over a period of time, what machines it talked to etc from this
> > perspective it should be IP based but I would really like to know how
> > other people do it.
>
>
> Truth is that most people probably don't do it, beyond temporary, ad-hoc
> deployments, to solve a specific problem at a specific point in time.
> Traffic capture and analysis doesn't scale too well into multi-Gb/s service
> provider environments.
>
> Netflow tools are an option if 'reasonably accurate' is good enough for your
> needs.
>
> jms

For high speed switched Ethernet environments, consider using sFlow.

You can treat sFlow as remote packet capture and use Wireshark/tcpdump
for troubleshooting network traffic:

http://blog.sflow.com/2011/11/wireshark.html

Or use sFlow reporting tools to find IP sources, protocols etc.:

http://sflow.org/products/collectors.php

Which tool to choose depends on your requirements.