-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Also note that sFlow can export its data into tcpdump format.

.chance

From: http://www.inmon.com/sflowTools.htm

The sFlow toolkit provides command line utilities and scripts for analyzing sFlow data. The core component of the sFlow toolkit is the sflowtool command line utility. sflowtool interfaces to utilities such as tcpdump, ntop and Snort for detailed packet tracing and analysis, NetFlow compatible collectors for IP flow accounting, and provides text based output that can be used in scripts to provide customized analysis and reporting and for integrating with other tools such as MRTG or rrdtool.

For example, the command:

    sflowtool -t | tcpdump -r -

will provide a decoded packet trace. Advanced packet filtering is easily performed using tcpdump. In addition, many other packet analyzers are capable of processing packets in tcpdump format.
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Tony Wasson
Sent: Thursday, March 28, 2002 8:43 AM
To: Pete Kruckenberg
Cc: nanog@merit.edu
Subject: Re: Let's talk about Distance Sniffing/Remote Visibility
sFlow is great! I've used InMon's (www.inmon.com) sFlow probe along with the xRMON built into some HP switches to get packet sampling. The math on packet sampling is pretty deep. NTOP also supports sFlow and it is open source. www.ntop.org
Tony Wasson
----- Original Message -----
From: "Pete Kruckenberg" <pete@kruckenberg.com>
To: <nanog@merit.edu>
Sent: Thursday, March 28, 2002 8:12 AM
Subject: Re: Let's talk about Distance Sniffing/Remote Visibility
On Thu, 28 Mar 2002 CARL.P.HIRSCH@sargentlundy.com wrote:
It seems to me that the means available are A) a very expensive distributed NAI Sniffer installation B) standard RMON probes and the like NMS of your choice and C) A linux box with a ton of interfaces running Ethereal accessed via Xwindows/VNC/whatever.
I am starting to deploy GigE as a WAN technology. One nice benefit is that the equipment (Cisco 6500/7600 class) has capabilities not usually found in routers (such as remote port mirroring). Coupled with VLAN ACL's, this can be quite useful for ad-hoc remote diagnostics.
One particularly interesting adaptation is sFlow (RFC 3176), currently only implemented by Foundry (I don't know of any other vendors planning to implement sFlow). sFlow is usually pitched against Netflow, I see it more as a diagnostic tool. It works quite port mirroring, but also allows sampling and only sends header information to the collection server.
Pete.
-----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPKNa5C+t+bSN12wHEQJb7ACgl3o1lBRSLME/jerFPSZIWtNtdgoAoOR+ ve3DiXjpnhQVg1hPgBP4e+Tn =YQ4G -----END PGP SIGNATURE-----
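
Added example, not part of the thread and not code from InMon or sflowtool: how a collector can turn 1-in-N sampled packet headers, as discussed above, into per-source traffic estimates, and how few samples make an estimate unreliable. The record layout, function names and sample data are constructed for illustration; the error bound is the standard packet-sampling approximation (percent error <= 196 * sqrt(1/c) at 95% confidence for c samples in a class).

```python
import math
from collections import defaultdict

# Constructed input: one tuple per sampled packet header, as
# (source IP, frame length in bytes, sampling rate N for 1-in-N sampling).
SAMPLES = (
    [("192.0.2.10", 1500, 512)] * 400
    + [("192.0.2.20", 64, 512)] * 25
    + [("198.51.100.7", 576, 512)] * 4
)

def estimate_by_source(samples):
    """Scale sampled headers up to estimated totals per source address."""
    acc = defaultdict(lambda: {"samples": 0, "packets": 0, "bytes": 0})
    for src, frame_len, rate in samples:
        entry = acc[src]
        entry["samples"] += 1
        entry["packets"] += rate              # each sample stands for N packets
        entry["bytes"] += frame_len * rate    # and for N frames of this length
    for entry in acc.values():
        # 95% confidence bound on the packet estimate: 196 * sqrt(1/c) percent
        entry["pct_error"] = 196.0 / math.sqrt(entry["samples"])
    return dict(acc)

def reliable_sources(estimates, max_pct_error=25.0):
    """Sources whose packet estimate is within max_pct_error percent."""
    return sorted(s for s, e in estimates.items()
                  if e["pct_error"] <= max_pct_error)

if __name__ == "__main__":
    est = estimate_by_source(SAMPLES)
    for src, e in sorted(est.items(), key=lambda kv: -kv[1]["bytes"]):
        print(f"{src:15} samples={e['samples']:4d} "
              f"est_packets={e['packets']:7d} est_bytes={e['bytes']:10d} "
              f"error<=+/-{e['pct_error']:.1f}%")
    print("reliable:", reliable_sources(est))
```

The accuracy of an estimate depends on the number of samples seen for that source, not on the sampling rate itself, so a source with only a handful of samples should not drive a diagnosis until more have accumulated.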