argus and netflow
carter at qosient.com
Wed Jul 14 12:22:34 EDT 2010
Netflow is not a reliable source of flow data. It is statistical, so you will not see all the traffic, and in some cases it may not report a flow until the flow closes, so you may not be notified for days/months that a flow is in the network.
Argus is a better solution.
Carter
------Original Message------
From: Riccardo Veraldi
Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
To: Argus
Subject: [ARGUS] argus and netflow
Sent: Jul 14, 2010 12:15 PM
Hello,
I have been analyzing network traffic with argus (radium) for a few days and
am sending Netflow data to the argus machine.
I wonder why I am missing something in the traffic.
For example I opened a bittorrent session but I am not seeing any
evidence of the torrent traffic.
I should see hundreds of connections or connection attempts but I can't
see anything...
Perhaps Netflow is not the correct way to monitor such traffic?
I mean the Netflow granularity is not enough?
Anyway, I also can't see anything for long-lived bittorrent sessions, and
this is weird.
Any hints?
Thank you
Rick