(I'm out of practice with mailing lists, apologies in advance).... 

Dovetailing on this request... not sure it's worth another thread.

Is there a good sFlow way or sFlow+something way to link all the traffic flow from a physical port for this kind (or any kind) of inspection?

One way would be to suck down all the IP configs (and learned addresses à la BGP) and perform complex analysis of the sFlow database.

I'm hoping there is something more intuitive... so you could say port 5 on switch xxx has this % TCP traffic vs this % UDP traffic (for example).

I'm only aware of sFlow being IP/protocol/etc. aware.

thanks in advance,


> Please keep the suggestions coming.

I've had good results using Traffic Sentinel from InMon. It's got a nice queryable database backend and you don't have to do much manual setup to get good results. The UI feels a bit 1995, but it works, and the API is practical and useful. It's quite fast, too.

They can probably give you trial licenses to see if it works for you.