argus and netflow
Riccardo Veraldi
Riccardo.Veraldi at cnaf.infn.it
Wed Jul 14 15:18:53 EDT 2010
I think I Should look for a TAP solution so that I can mirror my 10Gig
uplink... and feed argus with it...
thank you
Riccardo
carter at qosient.com wrote:
> Netflow is not a reliable source of flow data. It is statistical, so you will not see all the traffic, and in some cases it may not report a flow until the flow closes, so you may not be notified for days/months that a flow is in the network.
>
> Argus is a better solution.
>
> Carter
>
>
> ------Original Message------
> From: Riccardo Veraldi
> Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
> To: Argus
> Subject: [ARGUS] argus and netflow
> Sent: Jul 14, 2010 12:15 PM
>
> Hello,
> I am analyzing network traffic with argus (radium) since a few days and
> send Netflow data to the argus machine.
> I wonder why I am missing somthing in the traffic.
> For example I opened a bittorrent session but I am not seeing any
> evidence of the torrent traffic.
> I Should see hundred of connections or connection attempts but I can't
> see anything...
> Perhaps Netflow is not the correct way to monitor such traffic ?
> I mean the Netflow granularity is not enough ?
> Anyway I can't see anything also for long living bittorrent sessions and
> this is weird.
>
> any hints ?
>
> thank you
>
> Rick
>
>
>
>
> Sent from my Verizon Wireless BlackBerry
More information about the argus
mailing list