For SNMP bandwidth monitoring use MRTG.

A tap will allow you to see what's traversing the ethernet link. Not
anything that's traversing other ports on the router (again, dpends on
your topology). So if your router has just a LAN interface and a WAN
interface, that'll work well.

Make your own tap: http://www.snort.org/docs/tap/

Or just mirror the router's switchport to another port you hook up an
NTOP sniffer interface. It's advisable that your NTOP box has at LEAST 2
NICs. One for management plus sniffer interfaces - you'll need one for a
port mirror, two bonded together for a tap. Like Gary mentioned, I use a
variety of methods for monitoring traffic depending on the situation.

C


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Andrew Smith
Sent: Tuesday, April 25, 2006 12:40 PM
To: [email protected]
Subject: RE: [Ntop] Were to placing Ntop on the network

Thanks to everyone for all the advice given.

Basically we've recently turned SNMP on our routers and been monitoring
this with a eval version of SolarWinds Orian (which we think is great
but very expensive, if anyone can recommend another product - maybe one
that does SNMP monitoring and top talkers, I would be grateful!) Anyway
SNMP is telling us that at certain times of the day our routers at
certain sites and varying times are running really high. Now what we
would like to do is be able to see who is generating this traffic.

This is really were we are coming from by testing Ntop. We don't really
look after the routers so we can't simply get on there and make changes
or view stats so we need a third party product.

>From what everyone is saying, I don't think requesting having NetFlow
turned in is a good idea for us.

One thing we thought could work (and I'd appreciate any thoughts on
this) is maybe purchase an "Ethernet tap" such as:

http://www.netoptics.com/products/product_family_details.asp?cid=1&pid=4
&Section=products&menuitem=1

and then plug our router, switch and Ntop server into this.

Do you think that doing this would give us an indication of who was
using our WAN traffic?

Thanks again for all the help so far

Andrew
www.purenetworking.net



-----Original Message-----
From: Gary Gatten [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 25, 2006 4:36 PM
To: [EMAIL PROTECTED]; [email protected]
Subject: Re: [Ntop] Were to placing Ntop on the network

Trying to do what you want in a fully switched environment is not as
easy as you might think.  If you have common aggregation points, such as
uplinks to server farms, WAN routers, etc. you can start there and catch
most everything "important",  but you still won't see "all" traffic an
end node might be involved in - such as PtP with another end node on the
LAN.

Netflow / xflow / IPFix / whatever might work OK if your equipment
supports it.  Not all classes of cisco switches do.  Trying to
SPAN/RSPAN EVERY port would be problematic at best.  You can also try
implementing RMON and using the feature therein, such as Topn.  Yet
another option would be configuring RMON alerts and events on each port
based on throughput and/or doing SNMP collections on each port using
Openview, MRTG, or any of the other ten thousand SNMP utils out there.

I personally use a combination of most everything I mentioned.  Each
approach accomplishes a slightly different goal - it seems to work OK.
Guess it all depends on exactly what you want to accomplish.  Define
your goals and implement the best solution(s).

Gary


>>> [EMAIL PROTECTED] 4/25/2006 5:09:46 AM >>>
Hello


We are running a fully switched Cisco network and want to be able to
see who are the top talkers both on our site and on remote sites.

Now I've just set Ntop up had it running for a few hours. Its looks to

be gathering info. We don't have NetFlow or anything like that
configured on our routers. So Ntop is really just running in its
default config.

Would I be right in think that:

a) Ntop is only reporting traffic that is on the LAN segment, it can't

tell what is going on at a remote site

b) The traffic is sees is only stuff that come though its network
interface. So its not really giving me a true reflection of how busy
the LAN is?


_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop



_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

**********************************************************************
Confidential/Proprietary Note

The information in this email is confidential and may be legally privileged.  
Access to this email by anyone other than the intended addressee is 
unauthorized.  If you are not the intended recipient of this message, any 
review, disclosure, copying, distribution, retention, or any action taken or 
omitted to be taken in reliance on it is prohibited and may be unlawful.  If 
you are not the intended recipient, please reply to or forward a copy of this 
message to the sender and delete the message, any attachments, and any copies 
thereof from your system.  Thank you.
Guardian Mtg Documents, Inc.
225 Union Boulevard, Suite 200
Lakewood, CO 80228.
**********************************************************************
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

Reply via email to