North American Network Operators Group

Re: Techniques for passive traffic capturing

  • From: Kevin Kadow
  • Date: Mon Jun 23 23:00:21 2008

We started out with SPAN ports, then moved on to Net Optics taps.

Lately we've been using a combination of Cisco NetFlow (from remote routers),
and native Argus flows (from local taps) where we need more details.

Flows are useful to answer "What happened X minutes/hours/days ago?",
and where you do not need/want to capture full packet bodies
(though with Argus you can choose whether to include payload data).

http://qosient.com/argus/