[nsp] how to report on traffic by protocol?

Nicola Foggi nfoggi@depaul.edu
Mon, 11 Nov 2002 13:57:50 -0600


We use a couple of tools to process the information, all of which are linked to
off of this page:

http://www.switch.ch/tf-tant/floma/software.html

We use flow-tools to capture the flows
We then use flowscan with the CUFlow module to turn them into graphs

All the utils are free that we use.

Examples of the graphs can be seen at http://flows.is-net.depaul.edu (which
is still a work in progress)

We're in the process of writing some cron jobs to produce TOP DST ASN and
TOP PORT reports and such (they don't work just quite yet) using the
flow-report from flow-tools.

Good Luck!

Nicola Foggi
Networks and Telecom
DePaul University

>>> "Furnish, Trever G" <TGFurnish@herff-jones.com> 11/11/02 01:35PM >>>
What do you, list members, use to report on bandwidth usage by protocol or
application?  And has anyone had any experience with particular software
packages to facilitate this, especially free (as in beer) packages?

I've just gotten my feet damp with exporting netflow records but haven't yet
delved deeply enough into it to figure out what flow collection process (if
any) will be suitable for my needs.  Cost is a big issue.  Interface isn't
much of an issue, so long as I can get decent reporting or direct access to
the flow data for processing with scripts.  If you use netflow, what
collector software and reporting software do you use?

Is there something else suitable for this need besides netflow, without
span'ning my traffic at a switch to a monitored port (ie for tcpdump)?  With
netflow caching and exporting enabled on one interface my cpu load on a 2600
series router went from 61% to 98% with quite a bit of packet loss.  I only
discovered netflow itself by accident, so if there are other options out
there I probably know nothing about them.

Constructive words appreciated.

--
Trever
_______________________________________________
cisco-nsp mailing list  real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/