[c-nsp] Traffic Analyzing?

Ted Mittelstaedt tedm at toybox.placo.com
Fri Dec 14 01:06:41 EST 2007



> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Giles Coochey
> Sent: Thursday, December 13, 2007 1:05 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Traffic Analyzing?
>
>
> > Sure..
> > 	Check out stager http://software.uninett.no/stager  or
> FlowViewer
> > http://ensight.eos.nasa.gov/FlowViewer/ coupled with netflow data
> > exports..
> > both have nice web front ends to allow you to slice and dice your
> netflow
> > data. Of course your router will need full routes so it knows prefixes
> and
> > destination ASN#.
> >
>
> I worked with flow-tools and nfsen/nfdump when I worked for a company
> without much of a budget assignment for traffic analysis.
> They are both great tools, but suffer from the usual open source
> drawbacks - difficult to get going, little to no documentation and while
> the mailing lists were a great help there was no guarantee of getting
> support in a timely manner.
>
> I've since installed Fluke's Netflow Tracker (Formerly by Crannog
> Software) and would say that if you can afford it, it's very much worth
> it - easy to get going, little to no fiddling around, extremely
> flexible, excellent documentation and guaranteed commercial support.
>

Or, you could pay someone who knows what they are doing to setup
flow-tools and get the same result as Fluke's stuff, with the same
level of support, and likely, less money.

Of course, most people secretly look down on stuff they don't have
to pay for, and wouldn't ever consider paying money to someone to
work with it.

Don't let the bigotry blind you to the open source stuff.  If you have
the money to burn on the commercial software, you have the same
money to burn on paying someone with more knowledge than you to
setup the open source stuff.  The tools should be evaluated based
on how well the job is they do - apples to apples here - not
compared by how much less one supposedly is going to cost.

Ted
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.17.1/1183 - Release Date: 12/13/2007
9:15 AM



More information about the cisco-nsp mailing list