Posted by Trendkill on July 16, 2008, 7:36 am
> > > > Hi all
>
> > > > I'd like to hear what you folks use to analyze traffic. I've come to a
> > > > point where I need, down to the minute, statistics of traffic flowing
> > > > in and out of a GigE interface and since I've mostly worked with
> > > > sniffers before I need some suggestions.
> > > > I don't need to capture entire packets, I just need to know the source/
> > > > destination IP along with the ports. My goal is to catch any bursting
> > > > traffic that's currently causing buffer drops. Windows apps preferred.
>
> > > > Best regards
> > > > Fredrik
>
> > > You'll most likely need netflow, although it generally only runs on
> > > router ports which are much more likely to be bottlenecks than switch
> > > ports. I think the latest versions of switches support netflow, but
> > > in most cases, you can only run it on routers or switched virtual
> > > interfaces (aka vlans on routers). You would need to find a tool that
> > > you can use, and most cost money. You can check out ntop which is
> > > pretty good, but I think it's only *nix based.
>
> > > For simple traffic monitoring, snmp is the best on switches as you can
> > > monitor the in/out of the specific port. But that only shows you
> > > bandwidth and utilization and does not show IP information. As soon
> > > as this becomes a requirement, a sniffer or netflow will be your only
> > > options. Of course you can turn on ip route cache flow on the router
> > > interface of that vlan/subnet and then do a show ip cache flow which
> > > will show you all the current flows. If you add in a '| include K',
> > > it will filter out the smaller flows and only focus on the very large
> > > flows (which will be in the thousands, and therefore will have the
> > > K). This will provide source & destination.
>
> > Show netstat may also work on newer enterprise gear, although I don't
> > think it shows size of the flows and therefore can be hard to gain
> > context.
>
> Thanks for the answers but I was thinking more in the line of some
> application that analyzes SPANed traffic
>
> /Fredrik
None that I know of. Sniffers will look at individual packets, but
there is no context of how much utilization when you are just looking
at packets via a span. Netflow is what you are looking for, and the
router will report to a netflow collector that analyzes traffic that
is routed from one interface to another. It will tell you utilization
(although there are some slight discrepancies on that too), source,
destination, ports, etc, and organize by the heavy hitters. I don't
know of any app that looks at sniffer traffic and has summary
reporting. Something like OpNet (which is very expensive but a very
nice tool) can use sniffer traces and sum up traffic between hosts
(amount of send/receive, latency, etc), but it does not show overall
interface utilization on the router or switch, it looks at it from a
server perspective of traffic sent and received.
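
The per-minute source/destination/port totals asked for at the top of the thread, computed from header-only capture records, as an added example that is not part of the original posts. The record layout (epoch seconds, source IP and port, destination IP and port, frame bytes) and the sample rows are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (epoch_seconds, src_ip, src_port, dst_ip, dst_port, frame_bytes)
SAMPLE = [
    (1216193760.10, "10.1.1.20", 49152, "10.2.2.5", 445, 1500),
    (1216193760.11, "10.1.1.20", 49152, "10.2.2.5", 445, 1500),
    (1216193775.40, "10.1.1.31", 50211, "10.2.2.8", 80, 400),
    (1216193819.90, "10.1.1.20", 49152, "10.2.2.5", 445, 1500),
    (1216193820.00, "10.1.1.31", 50211, "10.2.2.8", 80, 600),
    (1216193830.50, "10.1.1.44", 51515, "10.2.2.5", 1433, 900),
]


def per_minute_flows(records):
    """Return {minute_start: {(src, sport, dst, dport): [bytes, packets]}}."""
    minutes = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ts, src, sport, dst, dport, size in records:
        minute = int(ts) // 60 * 60  # start of the wall-clock minute
        counters = minutes[minute][(src, sport, dst, dport)]
        counters[0] += size
        counters[1] += 1
    return minutes


def top_talkers(records, n=3):
    """Return {minute_start: [(flow, bytes, packets, share), ...]}, largest first.

    share is the flow's fraction of all bytes seen in that minute.
    """
    report = {}
    for minute, flows in sorted(per_minute_flows(records).items()):
        total = sum(b for b, _ in flows.values())
        ranked = sorted(flows.items(), key=lambda kv: kv[1][0], reverse=True)[:n]
        report[minute] = [(flow, b, p, round(b / total, 3)) for flow, (b, p) in ranked]
    return report


if __name__ == "__main__":
    for minute, rows in top_talkers(SAMPLE).items():
        print(minute)
        for (src, sport, dst, dport), b, p, share in rows:
            print(f"  {src}:{sport} -> {dst}:{dport}  {b} B  {p} pkts  {share:.1%}")
```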