From: omer ben-shalom (obensha@hotmail.com)
Date: Wed Apr 21 2004 - 05:45:59 GMT-3
Hi all,
Since traffic seem to be from a single subnet it is likely enough that you
have a single monitor point that sees it all (SPAN on a VLAN or incoming
interface or similar).
I have put netflow accounting to good use for things like this, you can
either get it from the router or there is a very good stand alone netflow
probe which is reasonably priced (100-150 Euro I think) and runs on both
windows and Linux hosts. Any old desktop you intend to put out of use will
be a very good probe. The probe is called nProbe and you can find the home
page in http://www.ntop.org/nProbe.html . This probe can do much more than
the standard netflow V5 in Cisco routers as well.
You can monitor all traffic or just capture specific traffic like http with
no problem. Analyzing the results can be done with a few freeware tools such
as FLAVIO which are available or you can import the netflow trace files
every X minutes into an SQL database to do more fun stuff writing your own
reports. You can also of course save the data in csv and then do it in
Excel, your call.
A sample perl script for dumping the trace file and automatically importing
it to a database is included in the distribution but you can write/get
others.
Disclaimer: I am voicing my personal thoughts here and do not speak for my
employer in any way and form whatsoever.
Thanks
Omer Ben-Shalom
Network Designer/Analyst, CCIE #8540
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott, Tyson C
Sent: Wednesday, April 21, 2004 1:06 AM
To: Peng Zheng; Mohamed; ccielab@groupstudy.com
Subject: RE: SNMP Traffic Monitoring , Is it possible?
If you have the budget use a web-caching engine. We use it every month
to run reports of specific groups internet access use. This will also
increase your ability to filter web traffic you don't want used.
Regards,
Tyson Scott
Agilent Problem Management Team
Managed Network Services
Phone: 313-583-5812
Pager: 877-997-0811
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Peng Zheng
Sent: Thursday, April 15, 2004 3:20 AM
To: Mohamed; ccielab@groupstudy.com
Subject: RE: SNMP Traffic Monitoring , Is it possible?
Actually, I want to monitor the information from other
machine, so it is better to get the infomation through
snmp.
Thanks.
--- Mohamed <nmohamed@cisco.com> wrote:
>Yahoo.com source address keep changing-
>I don't know whether this is a good solution-what
>about creating an
>access-list which allows all web traffic and you
>log,so that you can
>know how many packets went out to port 80.
>It is processor intensive.
>
>Any other best solution is appreciated.
>
>Thanks
>Mohamed.
>
>
>-----Original Message-----
>From: nobody@groupstudy.com
>[mailto:nobody@groupstudy.com] On Behalf Of
>Peng Zheng
>Sent: Thursday, April 15, 2004 11:35 AM
>To: ccielab@groupstudy.com
>Subject: SNMP Traffic Monitoring , Is it possible?
>
>
>I want to monitor special traffic go through a
>router
>to do the traffic control.
>
>For example, I have a LAN, I have 100 clients,
>192.168.0.1 to 192.168.0.100, I want to monitor http
>traffic to any address in my LAN in real time. For
>example, how can I know the amount http traffic from
>www.yahoo.com to
>certain IP (192.168.0.50)?
>
>Is it possible to get it from Cisco Router through
>SNMP?
>
>
>
>
>
>
>__________________________________
>Do you Yahoo!?
>Yahoo! Tax Center - File online by April 15th
>http://taxes.yahoo.com/filing.html
>
>
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:51 GMT-3