[150421] in North American Network Operators' Group
RE: Network Traffic Collection
daemon@ATHENA.MIT.EDU (Matlock, Kenneth L)
Thu Feb 23 15:21:29 2012
Date: Thu, 23 Feb 2012 13:20:23 -0700
In-Reply-To: <CA+vWMo5DUC9+s_W2Z99tA=+7ROD2kDvNG-a2R0ZET_ZPX25+Zg@mail.gmail.com>
From: "Matlock, Kenneth L" <MatlockK@exempla.org>
To: "Maverick" <myeaddress@gmail.com>,
"Jeroen Massar" <jeroen@unfix.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Netflow + netflow collector.
Ken Matlock
Network Analyst
Systems and Technology Service Center
Sisters of Charity of Leavenworth Health System
12600 W. Colfax, Suite A-500
Lakewood, CO 80215
303-467-4671
matlockk@exempla.org
-----Original Message-----
From: Maverick [mailto:myeaddress@gmail.com]
Sent: Thursday, February 23, 2012 1:19 PM
To: Jeroen Massar
Cc: nanog@nanog.org
Subject: Re: Network Traffic Collection
I want to be able to see information like how much traffic an IP sends over a period of time, what machines it talked to, etc. From this perspective it should be IP based, but I would really like to know how other people do it.
Best,
Ali
On Thu, Feb 23, 2012 at 3:14 PM, Jeroen Massar <jeroen@unfix.org> wrote:
> On 2012-02-23 21:11 , Maverick wrote:
>> Hello,
>>
>> I am trying to collect traffic from a pcap file and store it in
>> a database but am really confused how to organize it. Should I organize
>> it on a connection basis, flow basis or IP basis?
>>
>> It might be an effort to write a customized traffic analysis tool
>> like Wireshark with only the required functionality. I would really
>> appreciate it if someone can give me direction on the right way of
>> organizing the data because right now I only see individual packets
>> and no way of putting them in some order.
>
> Does this all not completely depend on what you actually want to do
> with it? You might want to start there instead of the other way around.
>
> Greets,
> Jeroen
>