I spent last week at SHARKFEST in Palo Alto, California. The folks at Cace Technologies did a great job organizing the event. The kick off presenter was Van Jacobson who was the creator of spiffy utilities like traceroute and tcpdump.
It was great to see how the first packet analyzer came about. He also discussed collecting NetFlow and some of the issues surrounding the volume of data that can be created. He even made some suggestions on NetFlow reporting using something called Linear Least-Squares Segmentation. Interesting stuff, I was trying to thing of a ways we could implement some of his ideas into our sFlow, IPFIX and NetFlow Analyzer.
Nice job Van, your presentation was great.
I also presented a 75 minute lecture on “Where NetFlow and Packet Capture Complement each Other” that you can watch if you have time on your hands.
My wireshark skills aren’t awesome, but I seemed to get my point across. My agenda included:
- Ingress Vs. Egress
- Advanced filtering to narrow in on problems
- How and when to leverage reports
- The differences between NetFlow and Packet Capture
- Where the Technology is going
See some of the other SHARKFEST presenters here. Maybe I’ll see you there next year?
