[69125] in North American Network Operators' Group
RE: Sorry if this discussion has been had recently but
daemon@ATHENA.MIT.EDU (Mark Borchers)
Fri Mar 26 17:13:56 2004
From: "Mark Borchers" <mborchers@igillc.com>
To: "'Drew Weaver'" <drew.weaver@thenap.com>
Cc: <nanog@merit.edu>
Date: Fri, 26 Mar 2004 16:13:15 -0600
In-Reply-To: <75634F04BFCFD511BF69009027DC8649ACCE3D@mailman.thenap.com>
Errors-To: owner-nanog-outgoing@merit.edu
This is a multi-part message in MIME format.
------=_NextPart_000_000D_01C4134D.432B3090
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Have you used flow-tools?
http://www.splintered.net/sw/
You can configure it to filter on pretty much any parameter that's
contained
in the flow-export packets. Then you send it to the report tool that's
included
in the flow-tools suite, after which you can put it through a perl
script or
a graphing tool or whatever in near real-time.
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Drew Weaver
Sent: Friday, March 26, 2004 3:39 PM
To: nanog@merit.edu
Subject: Sorry if this discussion has been had recently but
I know there is a way to do this, but what is the absolute
Defacto best method of tracking flows from Cisco/Juniper routers? I know
there is some freeware available such as cflowd but we really need
something that will alert us to trouble before it becomes a problem. We
don't mind buying an appliance to do this, and it doesn't have to be
freeware software, we just want something that will work.
Thanks,
-Drew
------=_NextPart_000_000D_01C4134D.432B3090
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<TITLE>Message</TITLE>
<META content=3D"MSHTML 6.00.2800.1276" name=3DGENERATOR>
<STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in =
1.25in; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: Arial
}
DIV.Section1 {
page: Section1
}
</STYLE>
</HEAD>
<BODY lang=3DEN-US vLink=3Dpurple link=3Dblue>
<DIV><SPAN class=3D464410922-26032004><FONT face=3DArial color=3D#0000ff =
size=3D2>Have=20
you used flow-tools?</FONT></SPAN></DIV>
<DIV><SPAN class=3D464410922-26032004><FONT face=3DArial color=3D#0000ff =
size=3D2><A=20
href=3D"http://www.splintered.net/sw/">http://www.splintered.net/sw/</A><=
/FONT></SPAN></DIV>
<DIV><SPAN class=3D464410922-26032004><FONT face=3DArial color=3D#0000ff =
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D464410922-26032004><FONT face=3DArial color=3D#0000ff =
size=3D2>You=20
can configure it to filter on pretty much any parameter that's=20
contained</FONT></SPAN></DIV>
<DIV><SPAN class=3D464410922-26032004><FONT face=3DArial color=3D#0000ff =
size=3D2>in the=20
flow-export packets. Then you send it to the report tool that's=20
included</FONT></SPAN></DIV>
<DIV><SPAN class=3D464410922-26032004><FONT face=3DArial color=3D#0000ff =
size=3D2>in the=20
flow-tools suite, after which you can put it through a perl script or=20
</FONT></SPAN></DIV>
<DIV><SPAN class=3D464410922-26032004><FONT face=3DArial color=3D#0000ff =
size=3D2>a=20
graphing tool or whatever in near real-time.</FONT></SPAN></DIV>
<DIV><SPAN class=3D464410922-26032004></SPAN> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px =
solid; MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr =
align=3Dleft><FONT=20
face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B>=20
owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] <B>On Behalf Of =
</B>Drew=20
Weaver<BR><B>Sent:</B> Friday, March 26, 2004 3:39 PM<BR><B>To:</B>=20
nanog@merit.edu<BR><B>Subject:</B> Sorry if this discussion has been =
had=20
recently but<BR><BR></FONT></DIV>
<DIV class=3DSection1>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial"> =
=20
I know there is a way to do this, but what is the absolute Defacto =
best method=20
of tracking flows from Cisco/Juniper routers? I know there is some =
freeware=20
available such as cflowd but we really need something that will alert =
us to=20
trouble before it becomes a problem. We don't mind buying an appliance =
to do=20
this, and it doesn't have to be freeware software, we just want =
something that=20
will work.</SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">Thanks,</SPAN></FONT></P>
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">-Drew</SPAN></FONT></P></DIV></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_000D_01C4134D.432B3090--
