[j-nsp] SRX210 + AppTrack. How to analyse?

Chris Kawchuk juniperdude at gmail.com
Tue Aug 13 00:14:22 EDT 2013


Netflow.

The SRX's can do RE-Based sampling and generate Netflow v5 packets easily for secondary analysis. Same way you'd do it on an M/MX series wight he standard ops caveats. ( http://juniper.cluepon.net/index.php/Cflowd_configuration ).

I've done this myself on an SRX210 at one of our offices for just this purpose. Works well. Just need any 3rd party Netflow analyzer (caida, intermapper, ns2flows, proqsys, -insert tool of your choice- etc..). I was using ProQsys myself.

Nice way is you can shoot the data anywhere on the internet (including back to your HQ across the internet if you want to do the analysis for him).

- CK.

On 12/08/2013, at 3:11 PM, Skeeve Stevens <skeeve+junipernsp at eintellegonetworks.com> wrote:

> Hey all,
> 
> I have a customer in a bandwidth sensitive location (expensive and slow),
> and they would like to know what is going through their device, and who is
> doing it.
> 
> 
> So what I am looking for is... How can we look at their device, and see
> what is happening (preferably live) on a protocol and user (IP?) basis.




More information about the juniper-nsp mailing list