The way this feature would work is to export the flows from a router with a
full BGP table. The router would do the complicated job of mapping IPs to
ASNs (via BGP information) and would simply export that information to you.
(Note: some implementations and bugs severely limit this in older routers -
e.g. Cisco 7600).
Since you are sniffing traffic, you would only have packet information
available and you would need to do the lookup yourself.
I guess the lookup could be done in multiple ways, but in the end it's a
question of performance - having to look up every source and destination IP
against RIPE or ARIN would probably put a big dent in your performance.
Most likely you could live with cached data which would be faster to
look-up.
On Fri, May 3, 2013 at 8:59 AM, Skept <impossibleprobabil...@gmail.com>wrote:
> Dear list,
>
> We are planning to graph traffic to top asn's. Currently we are exporting
> traffic from a switch mirrored port. The port is connected to the Linux
> system hosting nfsen and the flows are exported via nprobe.
>
> I figured the obvious choice would be src as and DST as, but graphs with
> those parameters are turning up empty.
>
> I searched around and found a three part script on nfsen list detailing
> procedure to graph the top thousand asn's. The link is here.
>
> http://comments.gmane.org/gmane.network.nfsen.general/1242
>
> I couldn't figure out what the top directory means in the first part.
>
> Also, I guess the question boils down to if the core router is not doing
> bgp, how do I graph specific asn's? Look up each IP address block, add
> them to an ASN and then graph traffic to and from that ASN? Are there any
> implementations of it?
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite
> It's a free troubleshooting tool designed for production
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap2
> _______________________________________________
> Nfsen-discuss mailing list
> Nfsen-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
>
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
