Sniffer Designed to Store Months of Traffic Data to a Database?


on 11.01.2007 07:46:27 by Will

What options are there for a sniffer that would store at least summary
information about each packet into a database running on the same machine
and allow easy retrieval of this information for months (or as long as you
have practical amounts of storage for). Having something like ethereal
that could view IP and ethernet addresses, but could then store and retrieve
on any parameters from an SQL database, would be quite handy.

--
Will

Re: Sniffer Designed to Store Months of Traffic Data to a Database?

on 11.01.2007 16:50:07 by vanepp

"Will" writes:

>What options are there for a sniffer that would store at least summary
>information about each packet into a database running on the same machine
>and allow easy retrieval of this information for months (or as long as you
>have practical amounts of storage for). Having something like ethereal
>that could view IP and ethernet addresses, but could then store and retrieve
>on any parameters from an SQL database, would be quite handy.

>--
>Will

argus (http://www.qosient.com/argus) is what I use (although it isn't
in a database, although there is work towards that going on). Various
netflow based packages and ipaudit work similarly. There are also a bunch of
commercial flow analysis products out there but they are usually quite pricey.
On fast links (gig and up) performance gets to be quite interesting.

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
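The two posts above describe the same design from two angles: Will wants per-packet summaries (MAC and IP addresses, ports, lengths) kept in an SQL database and retrievable on any field, and Peter points at argus/netflow-style tools that keep flow records instead. The following is an added example, not code from this thread or from argus, showing both in one place with Python 3 and the standard sqlite3 module: packet summaries go into an indexed table, arbitrary-field retrieval uses parameterised queries against a fixed column allow-list (so a user-supplied filter name can never become SQL), a GROUP BY collapses packets into flow records, and a retention routine expires rows older than a chosen number of days. The packet list is constructed sample data using documentation address ranges; the function names are this example's own.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed sample packet summaries standing in for what a capture library
# would hand a sniffer: (timestamp UTC, src MAC, dst MAC, src IP, dst IP,
# protocol, src port, dst port, frame length). Addresses are from the
# RFC 5737 documentation ranges; none of this is real traffic.
SAMPLE_PACKETS = [
    ("2007-01-11T07:46:00Z", "00:11:22:33:44:55", "66:77:88:99:aa:bb",
     "192.0.2.10", "198.51.100.5", "tcp", 51000, 80, 60),
    ("2007-01-11T07:46:01Z", "66:77:88:99:aa:bb", "00:11:22:33:44:55",
     "198.51.100.5", "192.0.2.10", "tcp", 80, 51000, 1500),
    ("2007-01-11T07:46:01Z", "00:11:22:33:44:55", "66:77:88:99:aa:bb",
     "192.0.2.10", "198.51.100.5", "tcp", 51000, 80, 52),
    ("2007-01-11T07:47:30Z", "00:11:22:33:44:56", "66:77:88:99:aa:bb",
     "192.0.2.11", "198.51.100.9", "udp", 53001, 53, 75),
    ("2006-10-01T12:00:00Z", "00:11:22:33:44:55", "66:77:88:99:aa:bb",
     "192.0.2.10", "203.0.113.7", "tcp", 40000, 443, 90),
]

# One row per packet summary; indexes on time and addresses keep month-scale
# retrieval usable without scanning the whole table.
SCHEMA = """
CREATE TABLE IF NOT EXISTS packets (
    id       INTEGER PRIMARY KEY,
    ts       TEXT    NOT NULL,   -- ISO-8601 UTC, fixed width so it sorts lexically
    src_mac  TEXT    NOT NULL,
    dst_mac  TEXT    NOT NULL,
    src_ip   TEXT    NOT NULL,
    dst_ip   TEXT    NOT NULL,
    proto    TEXT    NOT NULL,
    src_port INTEGER,
    dst_port INTEGER,
    length   INTEGER NOT NULL
);
CREATE INDEX IF NOT EXISTS packets_ts  ON packets(ts);
CREATE INDEX IF NOT EXISTS packets_ips ON packets(src_ip, dst_ip);
"""

# Only these column names may appear in a WHERE clause; values always go
# through placeholders, so filter input never reaches the SQL text itself.
ALLOWED_FILTERS = {"src_mac", "dst_mac", "src_ip", "dst_ip",
                   "proto", "src_port", "dst_port"}


def open_store(path=":memory:"):
    """Open (or create) the summary database; ':memory:' is for the demo."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def store_packets(conn, packets):
    """Bulk-insert packet summaries; returns the number stored."""
    conn.executemany(
        "INSERT INTO packets (ts, src_mac, dst_mac, src_ip, dst_ip, proto,"
        " src_port, dst_port, length) VALUES (?,?,?,?,?,?,?,?,?)", packets)
    conn.commit()
    return len(packets)


def query_packets(conn, **filters):
    """Retrieve packet summaries matching any combination of allowed columns."""
    clauses, params = [], []
    for column, value in filters.items():
        if column not in ALLOWED_FILTERS:
            raise ValueError(f"unsupported filter column: {column}")
        clauses.append(f"{column} = ?")
        params.append(value)
    sql = ("SELECT ts, src_ip, dst_ip, proto, src_port, dst_port, length"
           " FROM packets")
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return conn.execute(sql + " ORDER BY ts", params).fetchall()


def flow_summary(conn):
    """Collapse packets into netflow/argus-style records per 5-tuple."""
    return conn.execute("""
        SELECT src_ip, dst_ip, proto, src_port, dst_port,
               COUNT(*)    AS packets,
               SUM(length) AS bytes,
               MIN(ts)     AS first_seen,
               MAX(ts)     AS last_seen
        FROM packets
        GROUP BY src_ip, dst_ip, proto, src_port, dst_port
        ORDER BY bytes DESC
    """).fetchall()


def expire_older_than(conn, now_iso, max_age_days):
    """Drop rows older than max_age_days before now_iso; returns rows removed."""
    now = datetime.strptime(now_iso, "%Y-%m-%dT%H:%M:%SZ")
    cutoff = (now - timedelta(days=max_age_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    cur = conn.execute("DELETE FROM packets WHERE ts < ?", (cutoff,))
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = open_store()
    store_packets(db, SAMPLE_PACKETS)
    for row in query_packets(db, src_ip="192.0.2.10", dst_port=80):
        print("packet", row)
    for row in flow_summary(db):
        print("flow", row)
    print("expired", expire_older_than(db, "2007-01-12T00:00:00Z", 90))
```

A real collector would feed `store_packets` from a capture library in batches rather than one row per packet, and would run `expire_older_than` on a schedule sized to the disk available; the allow-list in `query_packets` is the part worth keeping whatever the front end, since "retrieve on any parameters" otherwise invites string-built SQL.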

Re: Sniffer Designed to Store Months of Traffic Data to a Database?

on 12.01.2007 04:03:33 by Will

"Peter Van Epp" wrote in message
news:eo5mbf$97s$1@morgoth.sfu.ca...
> "Will" writes:
>
> >What options are there for a sniffer that would store at least summary
> >information about each packet into a database running on the same machine
> >and allow easy retrieval of this information for months (or as long as you
> >have practical amounts of storage for). Having something like ethereal
> >that could view IP and ethernet addresses, but could then store and retrieve
> >on any parameters from an SQL database, would be quite handy.
>
> >--
> >Will
>
> argus (http://www.qosient.com/argus) is what I use (although it isn't
> in a database, although there is work towards that going on). Various
> netflow based packages and ipaudit work similarly. There are also a bunch of
> commercial flow analysis products out there but they are usually quite pricey.
> On fast links (gig and up) performance gets to be quite interesting.

I would not mind spending up to say $1K for a decent quality commercial
product that stored data in a database, so we could do queries to quickly
collect subsets of the data. We are connected to the Internet on DSL so it's
unlikely I need gigabit level products. I'm more focused on the feature set for
analysis of the data.

If anyone knows of product reviews for this kind of product I would love to
hear some evaluations.

--
Will