[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Techniques for passive traffic capturing

Subject: Techniques for passive traffic capturing
From: kkadow+pottedmeatproduct at gmail.com (Kevin Kadow)
Date: Mon, 23 Jun 2008 22:00:06 -0500
In-reply-to: <[email protected]>
References: <[email protected]>

We started out with SPAN ports, then moved on to Netoptics taps.

Lately we've been using a combination of Cisco Netflow (from remote routers),
and native Argus flows (from local taps) where we need more details.

Flows are useful to answer "What happened X minutes/hours/days ago?",
and where you do not need/want to capture full packet bodies
(though with Argus you can choose whether to include payload data).

http://qosient.com/argus/

Follow-Ups:
- Techniques for passive traffic capturing
  - From: ross at kallisti.us (Ross Vandegrift)

References:
- Techniques for passive traffic capturing
  - From: ross at kallisti.us (Ross Vandegrift)

Prev by Date: APNIC dns glitch ?
Next by Date: Cloud service [was: RE: EC2 and GAE means end of ip addressreputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
Previous by thread: Techniques for passive traffic capturing
Next by thread: Techniques for passive traffic capturing
Index(es):
- Date
- Thread