For SNMP bandwidth monitoring use MRTG. A tap will allow you to see what's traversing the ethernet link. Not anything that's traversing other ports on the router (again, dpends on your topology). So if your router has just a LAN interface and a WAN interface, that'll work well.
Make your own tap: http://www.snort.org/docs/tap/ Or just mirror the router's switchport to another port you hook up an NTOP sniffer interface. It's advisable that your NTOP box has at LEAST 2 NICs. One for management plus sniffer interfaces - you'll need one for a port mirror, two bonded together for a tap. Like Gary mentioned, I use a variety of methods for monitoring traffic depending on the situation. C -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Smith Sent: Tuesday, April 25, 2006 12:40 PM To: [email protected] Subject: RE: [Ntop] Were to placing Ntop on the network Thanks to everyone for all the advice given. Basically we've recently turned SNMP on our routers and been monitoring this with a eval version of SolarWinds Orian (which we think is great but very expensive, if anyone can recommend another product - maybe one that does SNMP monitoring and top talkers, I would be grateful!) Anyway SNMP is telling us that at certain times of the day our routers at certain sites and varying times are running really high. Now what we would like to do is be able to see who is generating this traffic. This is really were we are coming from by testing Ntop. We don't really look after the routers so we can't simply get on there and make changes or view stats so we need a third party product. >From what everyone is saying, I don't think requesting having NetFlow turned in is a good idea for us. One thing we thought could work (and I'd appreciate any thoughts on this) is maybe purchase an "Ethernet tap" such as: http://www.netoptics.com/products/product_family_details.asp?cid=1&pid=4 &Section=products&menuitem=1 and then plug our router, switch and Ntop server into this. Do you think that doing this would give us an indication of who was using our WAN traffic? Thanks again for all the help so far Andrew www.purenetworking.net -----Original Message----- From: Gary Gatten [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 25, 2006 4:36 PM To: [EMAIL PROTECTED]; [email protected] Subject: Re: [Ntop] Were to placing Ntop on the network Trying to do what you want in a fully switched environment is not as easy as you might think. If you have common aggregation points, such as uplinks to server farms, WAN routers, etc. you can start there and catch most everything "important", but you still won't see "all" traffic an end node might be involved in - such as PtP with another end node on the LAN. Netflow / xflow / IPFix / whatever might work OK if your equipment supports it. Not all classes of cisco switches do. Trying to SPAN/RSPAN EVERY port would be problematic at best. You can also try implementing RMON and using the feature therein, such as Topn. Yet another option would be configuring RMON alerts and events on each port based on throughput and/or doing SNMP collections on each port using Openview, MRTG, or any of the other ten thousand SNMP utils out there. I personally use a combination of most everything I mentioned. Each approach accomplishes a slightly different goal - it seems to work OK. Guess it all depends on exactly what you want to accomplish. Define your goals and implement the best solution(s). Gary >>> [EMAIL PROTECTED] 4/25/2006 5:09:46 AM >>> Hello We are running a fully switched Cisco network and want to be able to see who are the top talkers both on our site and on remote sites. Now I've just set Ntop up had it running for a few hours. Its looks to be gathering info. We don't have NetFlow or anything like that configured on our routers. So Ntop is really just running in its default config. Would I be right in think that: a) Ntop is only reporting traffic that is on the LAN segment, it can't tell what is going on at a remote site b) The traffic is sees is only stuff that come though its network interface. So its not really giving me a true reflection of how busy the LAN is? _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop ********************************************************************** Confidential/Proprietary Note The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. Thank you. Guardian Mtg Documents, Inc. 225 Union Boulevard, Suite 200 Lakewood, CO 80228. ********************************************************************** _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
