Is there something similar to this NetFlow for the PIX?? I could use a tool that monitors each flow of traffic, perhaps even with the ability to specify a specific host to monitor its flows across the IPSec tunnel of two PIXen.
Any suggestions appreciated. Mark -----Original Message----- From: Greg Reaume [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 08, 2002 11:50 PM To: [EMAIL PROTECTED] Subject: Re: protocol monitoring software [7:55110] Sam, OVER HERE! LOOK HERE! PICK ME! :) Seriously though, take a look at NetFlow. Nice flow based accounting exported at flow conclusion by the router to a 'collector'. It records, on a per-flow basis, src AS, src IP, src port, dst AS, dst IP, dst port, pkts in flow, B in flow, start time, stop time, etc, etc, etc. I'm sure you get the idea; this is pretty powerful stuff! You can have your collector aggregate all the flow exports over a given time period, or you can have your router do it before it sends the info to the collector. Cisco sells their own commercial products to collect and analyze and they also partner with 3rd party commercial vendors to provide you with collectors and analyzers. The best stuff though, IMHO, are the tools from the open source community. Cisco acknowledges these tools and even lists where you can get them on their website, however, they are obviously not supported. Start here: http://www.cisco.com/go/netflow http://net.doit.wisc.edu/~plonka/FlowScan/ http://www.splintered.net/sw/flow-tools/ http://www.columbia.edu/acis/networks/advanced/CUFlow/ There are good examples of implementations here: http://wwwstats.net.wisc.edu/ http://www.canet3.net/stats/map.html And of course, although they have no relation to NetFlow, no disscussion of network monitoring tools is complete without Tobi's Tools: http://www.smokeping.org http://www.mrtg.org http://www.rrdtool.org HTH, Greg Reaume ""Cliff Stewart"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sam, Have you taken a look at NBAR? Take a look at the Cisco IOS Quality of Service Solutions Configuration Guide it should work for you. -Cliff -----Original Message----- From: "sam sneed" To: [EMAIL PROTECTED] Date: Tue Oct 08 10:19:08 PDT 2002 Subject: protocol monitoring software [7:55110] >Hello, > > I am looking for software that will monitor what kind of traffic is going >through my network and report it.I am only concerned with what is going >through my firewall so I will place the monitoring station on a hub with the >firewall or use SPAN port. Here are requirements: > >Doesn't use netflow to collect data, want to use libpcap to capture data. >Want breakdown of what type of traffice by bytes and %'s ie. HTTP, FTP, SMTP >etc. >Do not want to use NTOP, too much of a pain in the ass to get it to work >longer than 20 minutes without a seg fault. >Would like the output in graphical form preferbably embeded in a web page. > >If anyone has come across this please let me know. I'm contemplating writing >my own software but would rather not. > >Thanks. ___________________________________________________ GO.com Mail Get Your Free, Private E-mail at http://mail.go.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55149&t=55110 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
