[clug] Measuring Bandwidth usage by Application Protocol
dale.shaw at gmail.com
Sun Nov 1 23:52:14 MST 2009
On Mon, Nov 2, 2009 at 3:53 PM, jm <jeffm at ghostgun.com> wrote:
> I'm looking at generating some network
> usage statistics on an open network with a large number of users. The data
> I'm looking to collect is
> Source IP
> Source Port
> Destination IP
> Destination Port
> Application Protocol
> of each session or flow on a 15 minute basis. NetFlow is close to giving me
> with this, but lacks the application level protocol information that I'm
> after. Any thought, or suggestions on how to collect this data?
What application-layer detail do you need that a NetFlow-based
solution doesn't give you? Usually (from what I've seen) this is done
in the reporting engine, rather than the collector itself -- sometimes
these functions are combined into one system/product. It's usually
limited (again, based on my experience) to application recognition
based on network and transport layer information (e.g. src/dst IP
addresses, IP protocol numbers, TCP/UDP port numbers).
Digging deeper into the packet gets pretty expensive in terms of
network device resources, so perhaps a port mirror or TAP solution
utilising a passive probe would give you the insight you need.
Anyway, which collector are you using? Are you strictly looking for a
Have you had a play with 'ntop'?
More information about the linux