Wherever and however you see the traffic only once. If you're looking for
custom design services, contact me off-list.
-----Burton
US-based commercial support for ntop:
http://www.ntopsupport.com
mailto:[EMAIL PROTECTED]
Search the ntop mailing lists at gmane:
http://search.gmane.org
(nearly current) ntop FAQ including "HowTo Ask for Help" at
http://www.ntopsupport.com/faq.html
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff
> Mandel
> Sent: Monday, May 17, 2004 5:16 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Ntop] de-duplicating netflows from multiple devices
>
>
> When collecting from multiple routers where there will clearly be some
> overlap, where is the appropriate point to filter the duplicates out?
> Could it be done with ntop filtering expressions?
> What are folks doing out there with multiple routers to keep their data
> from being inflated?
>
>
> Burton M. Strauss III wrote:
>
> >There is only one netflow-device pseudo device - everything ntop sees is
> >aggregated into that as if it were a single physical NIC. If
> ntop sees the
> >flow twice, it will be counted twice.
> >
> >-----Burton
> >
> >
> >
> >>-----Original Message-----
> >>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff
> >>Mandel
> >>Sent: Monday, May 17, 2004 3:22 PM
> >>To: [EMAIL PROTECTED]
> >>Subject: [Ntop] de-duplicating netflows from multiple devices
> >>
> >>
> >>Hello,
> >>
> >>I have a question about de-duplicating netflows from multiple devices.
> >>
> >>I've been using ntop for netflow collection from a single router and I'm
> >>just now starting to aggregate the netflow data from multiple sources.
> >>
> >>When collecting netflows from several routers, how are duplicate flows
> >>handled?
> >>
> >>For example
> >>+-------+ +-------+ +-------+ +-------+
> >>| host1 |--> |Router1|--> |Router2|--> | host2 |
> >>+-------+ +-------+ +-------+ +-------+
> >>
> >>Router1 and Router2 are both sending to the same ntop collector.
> >>+-------+ +---------+
> >>|Router1|--> |Collector|
> >>+-------+ +---------+
> >> ^
> >> |
> >>+-------+
> >>|Router2|
> >>+-------+
> >>
> >>When hosts 1 and 2 are talking, the same flow should be collected by
> >>each router, then sent to the collector. The routers are cisco routers
> >>sending v5 netflow data. Does the collector de-duplicate this?
> >>
> >>Additionally, I was comparing ntop to another collector/analyzer from
> >>crannog, who suggests you setup a different udp port on which to listen
> >>for each router sending netflows to the collector. That seems to be it's
> >>way of separating flows. It looks like ntop can only listen to one port.
> >>
> >>Does ntop have a way to separate flows from different devices?
> >>Does it matter?
> >>Would you recommend separating the flows?
> >>
> >>
> >>Thanks,
> >>
> >>Jeff
> >>_______________________________________________
> >>Ntop mailing list
> >>[EMAIL PROTECTED]
> >>http://listgateway.unipi.it/mailman/listinfo/ntop
> >>
> >>
> >
> >_______________________________________________
> >Ntop mailing list
> >[EMAIL PROTECTED]
> >http://listgateway.unipi.it/mailman/listinfo/ntop
> >
> >
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
