Might want to make your subject reflect the topic for searching and stuff. Netflow works pretty good for me. If you have core routers you can enable it there - don't have to enable it on every remote. If you choose to however, it will work. the netflow streams are routable so the flow receiver(s) can be anywhere. You won't get as much detail as you would capturing real packets, but fi you don't need that detail it's far easier to configure all around - and WAY fewer resources.
If stuff doesn't support netflow - that's tricky. There's stuff (probes) that will capture live packets and create the netflow flows. Else you'll have to SPAN the interesting ports which could require a lot of power and interfaces. Then of course there's RMON and SNMP. You need to decide how much detail you want from which interfaces. Real time with history or on demand? Gathering simple throughput / utilization is easy. Getting layer 4+ info from multple interfaces gets complicated in a hurry. Gary >>> [EMAIL PROTECTED] 9/28/2006 11:08 AM >>> Cool, then I can ask my question. What is the best way to implement ntop in an all cisco environment? Vague, I know. I would like to see the traffic on our outide routers (2) and on an MSFC flexwan connection to our parent company. However, we also have two core switches (6500s) that are currently doing strange things and we'd like to see their traffic as well. I think the routers are simple enough - but I'd like clarification on whether or not the NTOP box needs to be on their network or not, or if they can send the flows across networks to it? I still need to research netflows on the MSFC, I'm assuming it supports them. The switches, on the other hand, are running CatOS and I'm pretty sure they don't support Netflow - so I suppose I should research the Sup...or something? I'm a noob to all of this, obviously, and basically looking for a starting point - and to pick the brains of those doing it for getting the best bang for the sweat. On 9/28/06, Gary Gatten <[EMAIL PROTECTED]> wrote: > yup > > >>> [EMAIL PROTECTED] 9/28/2006 10:42 AM >>> > PING? > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
