Hi. I'm looking for off the shelf commercial or otherwise software for monitoring traffic. In particular, i'd like graphs showing the total traffic and the % traffic that is HTTP, SMTP, FTP, etc., and TCP, UDP, ICMP etc. splits. Of course also split by inbound/outbound, remote site location (NZ, International), and local network (i.e. by client of an ISP). Both near real-time data and historical analysis. I've found several protocol analysers that will give real-time and historical graphs by protocol, but don't seem to have any real facilities for breaking this down much further. Does anyone know of where i can find such software? Thanks, -Craig --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Craig: presumably you've considered bodging together MRTG and Netramet, and abandoned it as too hard? On Wed, 7 Mar 2001, Craig Anderson wrote:
Hi. I'm looking for off the shelf commercial or otherwise software for monitoring traffic. In particular, i'd like graphs showing the total traffic and the % traffic that is HTTP, SMTP, FTP, etc., and TCP, UDP, ICMP etc. splits. Of course also split by inbound/outbound, remote site location (NZ, International), and local network (i.e. by client of an ISP). Both near real-time data and historical analysis.
I've found several protocol analysers that will give real-time and historical graphs by protocol, but don't seem to have any real facilities for breaking this down much further.
Does anyone know of where i can find such software?
Thanks, -Craig --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, 7 Mar 2001, Craig Anderson wrote:
Hi. I'm looking for off the shelf commercial or otherwise software for monitoring traffic. In particular, i'd like graphs showing the total traffic and the % traffic that is HTTP, SMTP, FTP, etc., and TCP, UDP, ICMP etc. splits.
ntop, particularly in web mode, provides this.
Of course also split by inbound/outbound, remote site location (NZ, International), and local network (i.e. by client of an ISP). Both near real-time data and historical analysis.
That may require some configuring. It's not something I've tried.
I've found several protocol analysers that will give real-time and historical graphs by protocol, but don't seem to have any real facilities for breaking this down much further.
Try it and see. Installation and initial configuration is painless.
Does anyone know of where i can find such software?
http://www.ntop.org/ <R>< --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, Mar 07, 2001 at 01:15:37PM +1300, Rob Isaac wrote: ntop, particularly in web mode, provides this. doesn't scale; even the T1 I'm currently stuck with seems to have enough traffic variance to make it slow down and become quite horrible i'd hate to see it with a decent sized circuit --cw -- Chris Wedgwood chris.wedgwood(a)clear.co.nz --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
I've found several protocol analysers that will give real-time and historical graphs by protocol, but don't seem to have any real facilities for breaking this down much further.
Does anyone know of where i can find such software?
like http://wwwstats.net.wisc.edu/ from http://net.doit.wisc.edu/~plonka/FlowScan/ --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
nice graphs... kinda' looks like a Rorschach ink blot test... go ahead ask me how I know! Does anybody use any pretty back-ends for cflowd? Cflowd scared me away when they started talking about the large solid-state RAM drive hardware needed to handle heavy/multiple traffic flows. uh, anyway, ntop and iptraf are good too, if you don't need to show the PHB pretty pictures and you're chokepoint is a solaris/linux box. Freshmeat and sourceforge are your friends. Sid Jones wrote:
I've found several protocol analysers that will give real-time and historical graphs by protocol, but don't seem to have any real facilities for breaking this down much further.
Does anyone know of where i can find such software?
like http://wwwstats.net.wisc.edu/
from http://net.doit.wisc.edu/~plonka/FlowScan/
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, Mar 07, 2001 at 01:00:49PM +1300, Craig Anderson wrote:
I'm looking for off the shelf commercial or otherwise software for monitoring traffic. In particular, i'd like graphs showing the total traffic and the % traffic that is HTTP, SMTP, FTP, etc., and TCP, UDP, ICMP etc. splits. Of course also split by inbound/outbound, remote site location (NZ, International), and local network (i.e. by client of an ISP). Both near real-time data and historical analysis.
If you're using cisco routers, or something else that can generate netflow data: http://www.caida.org/tools/measurement/cflowd/ http://www.cisco.com/warp/public/732/netflow/ CAIMIS sell consulting services and enhanced versions of tools developed by CAIDA: http://www.caimis.com/ NeTraMeT can meter based on Netflow exports (since version 4.3, from memory). It uses a version of the meter call NetFlowMet. NeTraMeT can meter on a promiscuous ethernet port. JUNOS can export flow samples in arts++ format, or so I believe: http://www.juniper.net/techpubs/software/junos41/swconfig-interfaces41/html/... (that's a pretty crummy link; I didn't look very hard.) All those should store sufficient indentifying marks from flow data to allow you to distinguish between different tcp/udp protocols. To get NZ vs. international stats in real-time you could use community- based accounting on a cisco, together with a full route table tagged with community strings according to route origin. CLEAR and Telstra Saturn used to keep origin-based community tags on the prefixes in their table. I'm not sure if community accounting is a released ios feature or not, but I've heard some things about it.
I've found several protocol analysers that will give real-time and historical graphs by protocol, but don't seem to have any real facilities for breaking this down much further.
Does anyone know of where i can find such software?
Joe --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Tue, Mar 06, 2001 at 08:13:40PM -0500, Joe Abley wrote: JUNOS can export flow samples in arts++ format, or so I believe: http://www.juniper.net/techpubs/software/junos41/swconfig-interfaces41/html/... actually it exports sotck netflow v5 type packets; which makes using netflow stuff really easy (tested last Nov) --cw -- Chris Wedgwood chris.wedgwood(a)clear.co.nz --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
http://www.packeteer.com -----Original Message----- From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz]On Behalf Of Craig Anderson Sent: Wednesday, 7 March 2001 11:01 a.m. To: nznog(a)list.waikato.ac.nz Subject: traffic analysis by protocol Hi. I'm looking for off the shelf commercial or otherwise software for monitoring traffic. In particular, i'd like graphs showing the total traffic and the % traffic that is HTTP, SMTP, FTP, etc., and TCP, UDP, ICMP etc. splits. Of course also split by inbound/outbound, remote site location (NZ, International), and local network (i.e. by client of an ISP). Both near real-time data and historical analysis. I've found several protocol analysers that will give real-time and historical graphs by protocol, but don't seem to have any real facilities for breaking this down much further. Does anyone know of where i can find such software? Thanks, -Craig --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
I have a bridge for sale if anyone is interested --cw On Wed, Mar 07, 2001 at 01:28:09PM +1100, Tony Wicks wrote: http://www.packeteer.com -- Chris Wedgwood chris.wedgwood(a)clear.co.nz --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (8)
-
cfb -
Chris Wedgwood -
Craig Anderson -
Joe Abley -
Rob Isaac -
Sid Jones -
Simon Blake -
Tony Wicks