On Jan 26, 19:52, Andrew Kemp wrote:
> I was advocating the use of cflowd and related
> utils for this project, but a couple of other
> network engineers have raised a concern with
> "the summarisation that cflowd performs".
>
> Another consequence of this summarisation is that
> "cflowd was considered deficient as it throws
> away too much data".
We used to use the flow-* tools earlier but eventually decided to use
cflowd:
- Your colleagues are somewhat right, but cflowd can be made to capture
the complete flows, too. Just use Dave Plonka's patches:
http://ipn.caida.org/archives/cflowd/0847.html
http://net.doit.wisc.edu/~plonka/cflowd/
- You can use the cflowd's flowdump to analyse the flows or use the C++
API to write your own tools. With the flow-* tools I ended up writing Perl
scripts to analyse the flows, but C++ is definitely more efficient.
(I like both Perl and C++ but not unstructured C.)
- cflowd's separate process cflowdmux causes less packet loss and allows
logging of every single missed flow.
Martin
--
Dr. Martin Horneffer -- Horneffer@rrz.uni-koeln.de
cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Fri Jan 26 2001 - 02:28:10 PST