On Thu, Feb 23, 2012 at 1:59 PM, Justin M. Streiner <strei...@cluebyfour.org> wrote:
> On Thu, 23 Feb 2012, Maverick wrote:
>
>> I want to be able to see information like how much traffic an IP sends
>> over a period of time, what machines it talked to, etc. From this
>> perspective it should be IP based, but I would really like to know how
>> other people do it.
>
> Truth is that most people probably don't do it, beyond temporary, ad-hoc
> deployments, to solve a specific problem at a specific point in time.
> Traffic capture and analysis doesn't scale too well into multi-Gb/s service
> provider environments.
>
> Netflow tools are an option if 'reasonably accurate' is good enough for your
> needs.
>
> jms
>
For high speed switched Ethernet environments, consider using sFlow.

You can treat sFlow as remote packet capture and use Wireshark/tcpdump for
troubleshooting network traffic:
http://blog.sflow.com/2011/11/wireshark.html

Or use sFlow reporting tools to find IP sources, protocols etc.:
http://sflow.org/products/collectors.php

Which tool to choose depends on your requirements.
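Added example, not part of the original thread: a sketch of the per-IP accounting asked about above, computed from 1-in-N sampled packet headers of the kind an sFlow collector holds after decoding. The record layout, the function names and the sample values are assumptions made for illustration, and the error figure is the commonly cited packet-sampling rule of thumb, which is what "reasonably accurate" means in practice.

```python
import math
from collections import defaultdict

# Constructed sample records (not real traffic): one tuple per sampled packet,
# (src_ip, dst_ip, frame_length_bytes, sampling_rate). A sampling_rate of N
# means the switch exported roughly 1 packet in every N it forwarded.
SAMPLES = [
    ("10.0.0.5", "192.0.2.10", 1500, 1000),
    ("10.0.0.5", "192.0.2.10", 1500, 1000),
    ("10.0.0.5", "198.51.100.7", 64, 1000),
    ("10.0.0.9", "192.0.2.10", 400, 1000),
    ("10.0.0.5", "203.0.113.20", 1500, 1000),
]


def per_ip_report(samples):
    """Aggregate sampled packets by source IP and scale them to estimated totals."""
    acc = defaultdict(lambda: {"samples": 0, "est_packets": 0,
                               "est_bytes": 0, "peers": set()})
    for src, dst, frame_len, rate in samples:
        row = acc[src]
        row["samples"] += 1
        row["est_packets"] += rate             # each sample stands for ~N packets
        row["est_bytes"] += frame_len * rate   # and ~N frames of this size
        row["peers"].add(dst)                  # lower bound: unsampled peers are missed
    for row in acc.values():
        # Rule of thumb for sampled packet counts: at 95% confidence the
        # relative error is at most 196 * sqrt(1 / samples) percent, so
        # hosts with few samples are only roughly measured.
        row["max_error_pct"] = 196 * math.sqrt(1 / row["samples"])
    return dict(acc)


def top_talkers(report, n=10):
    """Source IPs ordered by estimated bytes sent, largest first."""
    return sorted(report, key=lambda ip: report[ip]["est_bytes"], reverse=True)[:n]


if __name__ == "__main__":
    report = per_ip_report(SAMPLES)
    for ip in top_talkers(report):
        r = report[ip]
        print(f"{ip}: ~{r['est_bytes']} bytes, ~{r['est_packets']} packets, "
              f"{len(r['peers'])} peers seen, error <= {r['max_error_pct']:.0f}%")
```

With only a handful of samples per host the error bound is close to 100%, which is why sampled data suits top-talker and trend reporting over longer intervals rather than exact per-IP byte counts.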