Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3306
Views
0
Helpful
6
Replies

Monitoring Network via SPAN

Go to solution
Dmitry Kishkin
Level 1
Level 1

‎09-27-2012 10:08 AM

Hi all. I have one segment network where i must monitor one host.  But there segment not have switches or routers who can work with NetFlow. And i think i can monitor this host via span(port mirroring). When i do it i have problem. Sniffers get too much information and memory very fast to low.

Some people said, i can use special soft about netflow sensor's who convert RAW traffic to NetFlow traffic. But big problem find this programms for windows. What i found  can't convert RAW traffic.

Who can me talk how i can monitor via SPAN ? or may be tell another way.

Actual , may be i virtualized router and sent RAW traffic to this virt machine, then he convert to netflow traffic and then sent it to netflow collector?

i am in panic =)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to Dmitry Kishkin

‎09-29-2012 01:59 PM

yes, it's about $50 ... Good luck if you want to find something cheaper ... ;-)

You still could run it under linux, that version can be used free of charge.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Karsten Iwen
VIP
VIP

‎09-27-2012 10:24 AM

Take a look at ntop: http://www.ntop.org/products/ntop/

It can be attached to a span-destination and analyze everything it sees on that port.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
Dmitry Kishkin
Level 1
Level 1
In response to Karsten Iwen

‎09-29-2012 11:50 AM

Thanks , i found ntop, but seens program for windows is no free. If i download ntop for windows and instal him. He not work propetly. He shows L3 host how Netflow, but quikly stop do it.

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Dmitry Kishkin

‎09-29-2012 01:59 PM

yes, it's about $50 ... Good luck if you want to find something cheaper ... ;-)

You still could run it under linux, that version can be used free of charge.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
Dmitry Kishkin
Level 1
Level 1
In response to Karsten Iwen

‎10-01-2012 01:21 AM

Sad =( =) I go to setup linux =)

Another question, if i sent RAW flow to port Router, he can transfer this flow to NetFlow ?

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Dmitry Kishkin

‎10-01-2012 01:34 AM 

Another question, if i sent RAW flow to port Router, he can transfer this flow to NetFlow ?

yes, but the router will also process the data. So it's probably not the solution you are looking for.

Some more ways:

FlowTraq FlowExporter can convert them:

http://www.flowtraq.com/corporate/product/flow-exporter

nProbe should also be capable of taking the traffic and sending it to a collector:

http://www.ntop.org/products/nprobe/

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
Dmitry Kishkin
Level 1
Level 1
In response to Karsten Iwen

‎10-02-2012 03:35 AM

Thank you very match, you answers was very helpfull/

0 Helpful
Customers Also Viewed These Support Documents