netflow analysis for jitter and packet loss?

What tools are people most happy with? Specifically I'm hoping to mirror a
port and later see if I can detect any inbound jitter or possibly even out
of order udp datagrams. At first glance it doesn't look like ntop or plixer
can provide that level of detail. Any suggestions?

-shac

Does it have to be netflow? If you are using Cisco gear, have you tried IP SLA?

http://www.cisco.com/en/US/products/ps6602/products_ios_protocol_group_home.html

regards,

javier

Flow telemetry is extremely useful, but it isn't really suited for looking at things like jitter and delay, and out-of-order packets. It can be used to identify loss in many instances, as well as communications relationships, bps/pps, source/destination distribution, macro-level application behaviors, statistical and behavioral anomalies, DDoS attacks, et al., but you really need packet-level classification/inspection to get the level of detail you mention.

If you're considering actual 'netflow' data, I'm not really sure it will
help with your requirements. The smallest unit is the 'flow' which could
include many UDP packets and has only *flow* start and end times.

Cisco's IP SLA might help. See:

http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsjitter.html

Joe

From: Shacolby Jackson <shacolby@bluejeansnet.com>
To: nanog@nanog.org
Date: 02/01/2011 07:21 PM
Subject: netflow analysis for jitter and packet loss?

What tools are people most happy with? Specifically I'm hoping to mirror a
port and later see if I can detect any inbound jitter or possibly even out
of order udp datagrams. At first glance it doesn't look like ntop or plixer
can provide that level of detail. Any suggestions?

-shac
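
The point made in the replies above, that a flow record keeps only counters and flow start/end times, shown as an added example (not code from any poster in this thread). It assumes each datagram carries an application-level sequence number and sender timestamp, as RTP does; plain UDP has neither, and all packet data below is constructed.

```python
from dataclasses import dataclass

@dataclass
class Pkt:
    arrival: float  # capture timestamp on the mirror port, seconds
    seq: int        # application sequence number (assumed, e.g. RTP)
    sent: float     # sender timestamp, seconds (assumed, e.g. RTP)
    size: int       # bytes

# Constructed capture: seq 4 is lost and seq 6 arrives before seq 5.
CAPTURE = [
    Pkt(0.000, 1, 0.000, 200), Pkt(0.021, 2, 0.020, 200),
    Pkt(0.045, 3, 0.040, 200), Pkt(0.101, 6, 0.100, 200),
    Pkt(0.112, 5, 0.080, 200), Pkt(0.120, 7, 0.120, 200),
]
# Constructed capture: same duration, packet and byte counts, perfectly paced.
SMOOTH = [Pkt(round(i * 0.024, 3), i + 1, round(i * 0.024, 3), 200)
          for i in range(6)]

def flow_record(pkts):
    """What a NetFlow-style record retains for the whole flow."""
    return {"start": pkts[0].arrival, "end": pkts[-1].arrival,
            "packets": len(pkts), "bytes": sum(p.size for p in pkts)}

def packet_stats(pkts):
    """Per-packet view: RFC 3550 interarrival jitter, reordering, loss."""
    jitter, reordered = 0.0, 0
    highest, prev = pkts[0].seq, pkts[0]
    for p in pkts[1:]:
        # D: change in transit time between consecutive arrivals
        d = (p.arrival - prev.arrival) - (p.sent - prev.sent)
        jitter += (abs(d) - jitter) / 16.0  # RFC 3550 section 6.4.1 estimator
        if p.seq < highest:
            reordered += 1                  # arrived after a later sequence
        else:
            highest = p.seq
        prev = p
    expected = highest - pkts[0].seq + 1
    lost = expected - len({p.seq for p in pkts})
    return {"jitter": jitter, "reordered": reordered, "lost": lost}

if __name__ == "__main__":
    for name, cap in (("CAPTURE", CAPTURE), ("SMOOTH", SMOOTH)):
        print(name, flow_record(cap), packet_stats(cap))
```

Both captures produce an identical flow record, while only the per-packet pass separates the degraded stream from the clean one.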