Distributed network analysis deals with the inspection of traffic observed at various locations in the network. The conventional approach is to deploy a full-fledged network analyzer at every observation point, which allows exhaustive examinations but is also very costly. In this paper, we present an alternative approach using packet data exported by PSAMP and Flexible NetFlow devices, such as routers, switches, and monitoring probes. Exported packet records are received by the real-time network analysis framework TOPAS and examined by the open-source network analyzer Wireshark. Monitoring devices are configured with a Monitor Manager in order to export only the data needed to achieve the analysis goal. Apart from an architectural description, this paper contains the results of experimental performance evaluations and a discussion of the advantages and limitations of our approach.