[105450] in North American Network Operators' Group


Re: Techniques for passive traffic capturing

daemon@ATHENA.MIT.EDU (Kevin Kadow)
Mon Jun 23 23:00:25 2008

Date: Mon, 23 Jun 2008 22:00:06 -0500
From: "Kevin Kadow" <kkadow+pottedmeatproduct@gmail.com>
To: nanog@nanog.org
In-Reply-To: <20080623203216.GC18464@kallisti.us>
Errors-To: nanog-bounces@nanog.org

We started out with SPAN ports, then moved on to Netoptics taps.

Lately we've been using a combination of Cisco Netflow (from remote routers),
and native Argus flows (from local taps) where we need more details.

Flows are useful to answer "What happened X minutes/hours/days ago?",
and where you do not need/want to capture full packet bodies
(though with Argus you can choose whether to include payload data).

http://qosient.com/argus/

