Just 'googled' netflow, and it seems ntop has a build-in NetFlow
collector:
http://www.ntop.org/overview.html
Dartware: has that been tested as a collector with IM?
Jakob Peterhänsel
"Be a part of the Love Generation - carry a smile, not a gun."
- JP, May 2006
Email: [EMAIL PROTECTED]
AIM: Marook
Phone: +45 30787715
On 19/09/2008, at 15:17, Myers, Jon W wrote:
I'd suggest getting just about any small computer (even an old
celeron 300 might work), mirror a port on a switch that DOES have
the "real" internal IPs on it (like, just before a NAT router, on
the inside), so all that traffic is sent to this other Linux (or
FreeBSD, or whatever box). Then run a netflow program on this that
exports netflow data to intermapper. I've done similar things in
the past when I was playing with bandwidthd. Its a nice solution as
you get all the data, but no point of failure, as its not an in-line
box. Looking around SourceForge.net, it looks like http://sourceforge.net/projects/ipt-netflow/
might be a netflow GENERATOR. I have not played with it yet, but
maybe it'll do what you need. If not, I'm sure theres another
package out there that'll generate the netflow data, and send it to
your intermapper server.
- - - Jon Myers
Network Manager
Alfred State College
________________________________________
From: [email protected] [EMAIL PROTECTED]
] On Behalf Of Mike Lieberman [EMAIL PROTECTED]
Sent: Thursday, September 18, 2008 8:30 PM
To: 'InterMapper Discussion'
Subject: RE: [IM-Talk] Net Flow and MAC addresses
Vince,
Thanks for your reply. It is appreciated.
Yes it is too bad. The customers would either have to replace their
firewall
to do this or a two port NetFlow enable d switch between the LAN and
the
firewall! That is an example of a technology that has a real
limitation! :-)
But maybe I can sell some firewalls!
Mike
-----Original Message-----
From: [email protected]
[mailto:[EMAIL PROTECTED] On Behalf Of Vincent Berk
Sent: Thursday, September 18, 2008 6:24 PM
To: InterMapper Discussion
Subject: Re: [IM-Talk] Net Flow and MAC addresses
Mike:
Unfortunately, in your situation, the customer-private addresses
are lost, and you cannot see them. The MAC address is not retained.
All you could tell them is where their traffic is going on the
Internet
side of things. To view traffic inside their own networks, they would
have to run some sort of exporter technology themselves...
Thanks
-Vince
We are a service provider and the routers outside our customer
firewalls
are
ours. Our customers frequently ask why is bandwidth usage so high
and what
is the cause. They do not have the technology inside their LANS and
even
if
they did, the top ten in a LAN switch will probably have no bearing
on the
top 10 that reaches the router outside the firewall.
None the firewalls our routers are in front of at customer sites are
NetFlow
capable. So the question becomes with private networks how does
NetFlow
help
at all at the router as far as host info when there is only one IP
address
hitting the router as the re-written? As the MAC address in is in
the
datagram but it is not part of the header I had hoped it was the
original
MAC address.
____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]
____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]
____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]
____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]
