
On Thu, Feb 23, 2012 at 1:59 PM, Justin M. Streiner <streiner@cluebyfour.org> wrote:
On Thu, 23 Feb 2012, Maverick wrote:
I want to be able to see information like how much traffic an IP sent over a period of time, what machines it talked to, etc. From this perspective it should be IP based, but I would really like to know how other people do it.
Truth is that most people probably don't do it, beyond temporary, ad-hoc deployments, to solve a specific problem at a specific point in time. Traffic capture and analysis doesn't scale too well into multi-Gb/s service provider environments.
Netflow tools are an option if 'reasonably accurate' is good enough for your needs.
jms
For high speed switched Ethernet environments, consider using sFlow.

You can treat sFlow as remote packet capture and use Wireshark/tcpdump for troubleshooting network traffic:
http://blog.sflow.com/2011/11/wireshark.html

Or use sFlow reporting tools to find IP sources, protocols etc.:
http://sflow.org/products/collectors.php

Which tool to choose depends on your requirements.
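
Added example, not part of the original thread and not code from any sFlow tool: a sketch of the per-IP reporting asked about above (traffic an IP sent over a period of time and the machines it talked to), computed from sampled flow records and scaled by the sampling rate. The record layout, sample values and function names are constructed for illustration; the error bound is the commonly cited 95% confidence rule for packet sampling.

```python
import math
from collections import defaultdict

# Constructed sample of decoded flow samples (not real traffic):
# (unix_time, src_ip, dst_ip, sampled_frame_bytes, sampling_rate)
SAMPLES = [
    (1000, "10.0.0.5", "192.0.2.10", 1500, 1000),
    (1012, "10.0.0.5", "192.0.2.10", 1500, 1000),
    (1030, "10.0.0.5", "198.51.100.7", 64, 1000),
    (1041, "10.0.0.9", "10.0.0.5", 900, 500),
    (1075, "192.0.2.10", "10.0.0.5", 1200, 1000),
    (1300, "10.0.0.5", "203.0.113.4", 1500, 1000),  # outside the window used below
]

def per_ip_report(samples, start, end):
    """Estimate bytes sent/received per IP and its peers for start <= t < end."""
    report = defaultdict(lambda: {"tx_bytes": 0, "rx_bytes": 0,
                                  "tx_samples": 0, "peers": set()})
    for ts, src, dst, frame_bytes, rate in samples:
        if not start <= ts < end:
            continue
        if rate <= 0:
            raise ValueError(f"invalid sampling rate {rate}")
        # One sampled frame stands in for roughly `rate` frames on the wire.
        estimate = frame_bytes * rate
        report[src]["tx_bytes"] += estimate
        report[src]["tx_samples"] += 1
        report[src]["peers"].add(dst)
        report[dst]["rx_bytes"] += estimate
        report[dst]["peers"].add(src)
    return report

def error_pct(sample_count):
    """Approximate 95% confidence bound (percent) on a sampled packet count."""
    if sample_count <= 0:
        return float("inf")
    return 196.0 * math.sqrt(1.0 / sample_count)

def top_talkers(report, n=3):
    """IPs ordered by estimated bytes sent, largest first."""
    ranked = sorted(report.items(), key=lambda kv: kv[1]["tx_bytes"], reverse=True)
    return [(ip, stats["tx_bytes"]) for ip, stats in ranked[:n]]

if __name__ == "__main__":
    rep = per_ip_report(SAMPLES, 1000, 1100)
    for ip, tx in top_talkers(rep):
        s = rep[ip]
        print(f"{ip}: ~{tx} bytes sent, peers={sorted(s['peers'])}, "
              f"+/-{error_pct(s['tx_samples']):.0f}% on packet count")
```

With only a handful of samples per IP the error bound is large, which is the practical meaning of 'reasonably accurate': estimates tighten as more samples accumulate over a longer window.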