This is exactly long the lines of what I'm trying to do as well...
http://home.bowenvale.co.nz/wp/concept.jpg
Except I don't have "ports" on a router, but I'm planning networks on
vlans (per the diagram above).
The RB 750G is a mikrotik router that spits out netflow data. My plan
is to set up vlans to the RB 250G (which is a layer 2 managed switch).
So Vlan 10 - 192.168.1.0/24, Vlan 30 - 192.168.2.0/24, Vlan 30 -
192.168.3.0/24, etc
The reason I'm thinking this is because I don't want the users to run
NAT routers because I'd then end up with double natting, which will
upset some apps.
My current thinking is that perhaps I set up private AS ranges then use
ntop to consolidate the data that way. I want daily and monthly
running totals for each port on the RB 250G (ie each VLAN)
D
On 29/01/2011 5:19 a.m., Gary Gatten wrote:
I think there may be several ways to achieve what you wish. The question is, what
exactly do you want to split? If it's "all" traffic data (detailed), you'll
need netflow with different logical netflow interfaces for each of the three interfaces
you are monitoring. If you just want summary data (bytes and packets Tx and Rx, etc.)
grouped by each network range you are monitoring - you can use clusters / communities;
one for each network range.
You network diagram didn't format clearly for me. If you need additional
assistance, please attach network diagram in a txt file and include what type
of network equipment you have. Or, spell out specifically what problem(s) your
trying to address.
HTH
G
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Zorg
Sent: Friday, January 28, 2011 9:57 AM
To: [email protected]
Subject: [Ntop] split result by network
Hello,
I have a network which looks like this :
____
| 1 |
|___|____________
|
|
____ |
| 2 | | ________
|___|____________|ROUTER|__| NTOP |
| |_place_|
|
____ |
| 3 | |
|___|____________|
1 = 192.168.1.0
2 = 192.168.2.0
3 = 192.168.3.0
NTOP = 192.168.4.0
I would like to monitor traffic from place 1, place 2, place 3 to NTOP
place. Is it possible to split info (as if i had 3 differents
interfaces), it will be a "logical split".
An other solution is to put nprobe/netflow on each 1, 2, 3, and to
create 1 interface by nprobe, but i'm afraid that send netflow traffic
and network traffic on the same link full the link, what do you think
about it?
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in
1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
