I'd suggest getting just about any small computer (even an old Celeron 300 
might work), mirror a port on a switch that DOES have the "real" internal IPs 
on it (like, just before a NAT router, on the inside), so all that traffic is 
sent to this other Linux (or FreeBSD, or whatever) box.  Then run a NetFlow 
program on this that exports NetFlow data to InterMapper.  I've done similar 
things in the past when I was playing with bandwidthd.  It's a nice solution as 
you get all the data, but no point of failure, as it's not an in-line box.  
Looking around SourceForge.net, it looks like 
http://sourceforge.net/projects/ipt-netflow/ might be a NetFlow GENERATOR.  I 
have not played with it yet, but maybe it'll do what you need.  If not, I'm 
sure there's another package out there that'll generate the NetFlow data, and 
send it to your InterMapper server.

- - -  Jon Myers
Network Manager
Alfred State College
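
Added example, not part of the original thread: a minimal NetFlow v5 parser run over constructed datagrams, comparing what a collector sees from an exporter on the inside of the NAT with what it sees from the router outside it. It assumes NetFlow v5 export; the addresses, ports and byte counts are constructed and the function names are illustrative.

```python
import socket
import struct
from collections import Counter

HDR = struct.Struct("!HHIIIIBBH")             # NetFlow v5 header, 24 bytes
REC = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes

def ip2int(addr):
    return struct.unpack("!I", socket.inet_aton(addr))[0]

def build_v5(flows):
    """Pack (src, dst, sport, dport, octets) tuples into one v5 datagram (test data)."""
    out = HDR.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, sport, dport, octets in flows:
        # srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first, last,
        # srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as, masks, pad2
        out += REC.pack(ip2int(src), ip2int(dst), 0, 1, 2, 1, octets, 0, 0,
                        sport, dport, 0, 0x18, 6, 0, 0, 0, 0, 0, 0)
    return out

def parse_v5(datagram):
    """Return the flow records of a v5 datagram; the record has no MAC address field."""
    if len(datagram) < HDR.size:
        raise ValueError("short datagram")
    version, count = HDR.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) < HDR.size + count * REC.size:
        raise ValueError("not a complete NetFlow v5 datagram")
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        flows.append({"src": socket.inet_ntoa(struct.pack("!I", f[0])),
                      "dst": socket.inet_ntoa(struct.pack("!I", f[1])),
                      "octets": f[6], "sport": f[9], "dport": f[10], "proto": f[13]})
    return flows

def top_talkers(flows):
    """Sum bytes per source address, largest first."""
    totals = Counter()
    for f in flows:
        totals[f["src"]] += f["octets"]
    return totals.most_common()

# Constructed flows: the same four connections seen before and after NAT.
INSIDE = [("10.0.0.11", "198.51.100.7", 40001, 443, 9000),
          ("10.0.0.12", "198.51.100.7", 40002, 443, 500),
          ("10.0.0.13", "198.51.100.9", 40003, 80, 1500),
          ("10.0.0.11", "198.51.100.9", 40004, 80, 1000)]
OUTSIDE = [("192.0.2.1", d, 61000 + i, dp, o) for i, (_, d, _, dp, o) in enumerate(INSIDE)]

if __name__ == "__main__":
    print("inside tap :", top_talkers(parse_v5(build_v5(INSIDE))))
    print("outside NAT:", top_talkers(parse_v5(build_v5(OUTSIDE))))
```

The inside exporter attributes bytes to individual hosts, while the outside view collapses every flow onto the single translated address.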

________________________________________
From: [email protected] [EMAIL PROTECTED] On Behalf Of Mike 
Lieberman [EMAIL PROTECTED]
Sent: Thursday, September 18, 2008 8:30 PM
To: 'InterMapper Discussion'
Subject: RE: [IM-Talk] Net Flow and MAC addresses

Vince,

Thanks for your reply. It is appreciated.

Yes it is too bad. The customers would either have to replace their firewall
to do this or a two port NetFlow enabled switch between the LAN and the
firewall! That is an example of a technology that has a real limitation! :-)

But maybe I can sell some firewalls!

Mike

-----Original Message-----
From: [email protected]
[mailto:[EMAIL PROTECTED] On Behalf Of Vincent Berk
Sent: Thursday, September 18, 2008 6:24 PM
To: InterMapper Discussion
Subject: Re: [IM-Talk] Net Flow and MAC addresses

Mike:

Unfortunately, in your situation, the customer-private addresses
are lost, and you cannot see them.  The MAC address is not retained.
All you could tell them is where their traffic is going on the Internet
side of things.  To view traffic inside their own networks, they would
have to run some sort of exporter technology themselves...

Thanks
-Vince


> We are a service provider and the routers outside our customer firewalls
> are ours. Our customers frequently ask why is bandwidth usage so high and
> what is the cause. They do not have the technology inside their LANs and
> even if they did, the top ten in a LAN switch will probably have no bearing
> on the top 10 that reaches the router outside the firewall.
>
> None of the firewalls our routers are in front of at customer sites are
> NetFlow capable. So the question becomes with private networks how does
> NetFlow help at all at the router as far as host info when there is only
> one IP address hitting the router as the re-written?  As the MAC address is
> in the datagram but it is not part of the header I had hoped it was the
> original MAC address.


____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]
