On Wed, Mar 07, 2001 at 01:00:49PM +1300, Craig Anderson wrote:
I'm looking for off the shelf commercial or otherwise software for monitoring traffic. In particular, i'd like graphs showing the total traffic and the % traffic that is HTTP, SMTP, FTP, etc., and TCP, UDP, ICMP etc. splits. Of course also split by inbound/outbound, remote site location (NZ, International), and local network (i.e. by client of an ISP). Both near real-time data and historical analysis.
If you're using cisco routers, or something else that can generate netflow data: http://www.caida.org/tools/measurement/cflowd/ http://www.cisco.com/warp/public/732/netflow/ CAIMIS sell consulting services and enhanced versions of tools developed by CAIDA: http://www.caimis.com/ NeTraMeT can meter based on Netflow exports (since version 4.3, from memory). It uses a version of the meter call NetFlowMet. NeTraMeT can meter on a promiscuous ethernet port. JUNOS can export flow samples in arts++ format, or so I believe: http://www.juniper.net/techpubs/software/junos41/swconfig-interfaces41/html/... (that's a pretty crummy link; I didn't look very hard.) All those should store sufficient indentifying marks from flow data to allow you to distinguish between different tcp/udp protocols. To get NZ vs. international stats in real-time you could use community- based accounting on a cisco, together with a full route table tagged with community strings according to route origin. CLEAR and Telstra Saturn used to keep origin-based community tags on the prefixes in their table. I'm not sure if community accounting is a released ios feature or not, but I've heard some things about it.
I've found several protocol analysers that will give real-time and historical graphs by protocol, but don't seem to have any real facilities for breaking this down much further.
Does anyone know of where i can find such software?
Joe --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog