Linux Today: Linux News On Internet Time.





More on LinuxToday


Traffic Analysis Using Debian Lenny

Feb 06, 2010, 18:02 (0 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

[ Thanks to Falko Timme for this link. ]

"1. The Link

"The Link has 10 MBit/s wirespeed and is a routing gateway between 2 sites located a few kilometers apart. A short calculation how much data travels over this link gave the result, that it should be in the range of ~25 GigaByte/Day. On one side of the link are approximately 2000 systems, on the other side about 200, and about a dozend communication relations between both sides of interest for us. Later we noticed that about 40-50 million packages travel over this link every day from 7am-5pm.

"As ntop analyzes all traffic and shows communication relations, for example in the way of top-talkers and the like we assumed that ntop would use a lot of RAM to build tables about all communication relations we thought that the probe should have as much RAM as possible.

"2. The Probe

"We decided to use an old unused box, do a minimal install of Debian Lenny and use it as ntop probe. We only did a minimal install because we did not want to waste the precious RAM for X11 or other useless applications, useless for this use-case. We decided to use Debian because it is easy adaptable to our needs, and it is known for it's stability. But you can build a probe as the described here with every other Linux Distribution you are familiar with, also the *BSD's may also be a good foundation."

Complete Story

Related Stories: