From: Brian Candler
To: Phil Regnauld
Cc: freebsd-net@freebsd.org, Nash Nipples
Date: Sun, 18 Jun 2006 21:54:18 +0100
Subject: Re: Simple LAN IP accounting

On Sun, Jun 18, 2006 at 08:21:51PM +0200, Phil Regnauld wrote:
> > very efficient way of doing this analysis. You can turn the sflow data into
> > simple CSV records using 'sflowtool', or ntop has an sflow module.
>
> Ntop just seems very unreliable and bloated to me, at least after
> version 1. Has it changed?

I don't know. I looked at it briefly recently, but it didn't do what I
wanted (which was to be able to export and analyse *all* flows seen). At
least, there was an "export" function, but it was broken.

If you just want something to visualize your top 20 traffic sources and
protocols, i.e. keep an eye on your network and notice sudden new large
sources such as viruses or P2P nodes, it may be useful.

Regards,

Brian.