specific traffic visualization

[alireza tirekar]

Hello every one, 

I wanna write a script that get source and destination ip address and shows me the traffic between them. Does any one know how can I do that? Thanks a lot

[Kevin J. Crandall]

iftop is your friend.

On Tue, Oct 20, 2020, 00:37 alireza tirekar <alireza....@gmail.com> wrote:

Hello every one, 

I wanna write a script that get source and destination ip address and shows me the traffic between them. Does any one know how can I do that? Thanks a lot

--
You received this message because you are subscribed to the Google Groups "sFlowTrend" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sflowtrend+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sflowtrend/9735f763-fd5d-46b9-ad1e-5c00b13b1bf3n%40googlegroups.com.

[alireza tirekar]

thank you for the answer. can I use that for monitoring traffic between two switches too?

[Sonia Panchen]

sFlowTrend supports a REST API which allows you to access data that has been collected. One way to understand the API is to generate a Network > Top N chart (https://inmon.com/products/sFlowTrend/help/html/network.topn.html) that meets your requirements, then use the browser developer tools to observe the request and response. This should give you an idea of how to format a query and parse the results in a script.

On 20 Oct 2020, at 05:37, alireza tirekar <alireza....@gmail.com> wrote:

Hello every one, 

I wanna write a script that get source and destination ip address and shows me the traffic between them. Does any one know how can I do that? Thanks a lot

--

[Kevin J. Crandall]

Your question is very broad, indicating to me that you don't know exactly what you are trying to monitor.  Because "traffic" can mean so many things.  I don't know your network topology.   Are the two switches identical devices, same manufacturer & model?  Are they managed or unmanaged? Any VLANs? Are they handling Layer 2 & 3  (broadcast domains in addition to IP routing) or just Layer 2? Two very different, albeit supplemental,  beasts.  Sometimes people confuse routers with switches because, well, it's confusing and most enterprise and even basic managed switches can perform the role of a Layer 3 router in addition to Layer 2 broadcast domains, usually configured as VLANs.

So take a step back and figure out what you are trying to monitor.  If you are trying to monitor Layer 2 (MAC address to IP address resolution via broadcast domains & ARP) between two managed switches linked together, then you can leverage LLDP or CDP (deprecated) or examine the arp tables directly on the switch. Or if the managed switch supports sflow/netflow send the flows to a collector like ntopng or Solar Winds or Scrutinizer.  If you are trying to monitor Layer 3 traffic between switches acting as routers, you can use Layer 3 tools such as iftop, ntop, or insert a tap or utilize a mirrored port to send traffic to a device serving as a flow generator, or in lieu of a flow generator you can simply send the traffic as tapped or mirrored to ntopng, which will gobble up the traffic and give you real time Layer 3 information.  I use Raspberry Pi 3+ running Raspbian and ntopng hanging off a mirrored (aka "span" port) to gain real time insight.

To view this discussion on the web visit https://groups.google.com/d/msgid/sflowtrend/be118e4a-ac48-47e0-a6fd-015578cba4e7n%40googlegroups.com.