cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1960
Views
0
Helpful
6
Replies
Highlighted
Beginner

Monitoring Network via SPAN

Hi all. I have one segment network where i must monitor one host.  But there segment not have switches or routers who can work with NetFlow. And i think i can monitor this host via span(port mirroring). When i do it i have problem. Sniffers get too much information and memory very fast to low.

Some people said, i can use special soft about netflow sensor's who convert RAW traffic to NetFlow traffic. But big problem find this programms for windows. What i found  can't convert RAW traffic.

Who can me talk how i can monitor via SPAN ? or may be tell another way.

Actual , may be i virtualized router and sent RAW traffic to this virt machine, then he convert to netflow traffic and then sent it to netflow collector?

i am in panic =)

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Mentor

Monitoring Network via SPAN

yes, it's about $50 ... Good luck if you want to find something cheaper ... ;-)

You still could run it under linux, that version can be used free of charge.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

6 REPLIES 6
Highlighted
VIP Mentor

Monitoring Network via SPAN

Take a look at ntop: http://www.ntop.org/products/ntop/

It can be attached to a span-destination and analyze everything it sees on that port.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Highlighted
Beginner

Monitoring Network via SPAN

Thanks , i found ntop, but seens program for windows is no free. If i download ntop for windows and instal him. He not work propetly. He shows L3 host how Netflow, but quikly stop do it.

Highlighted
VIP Mentor

Monitoring Network via SPAN

yes, it's about $50 ... Good luck if you want to find something cheaper ... ;-)

You still could run it under linux, that version can be used free of charge.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

Highlighted
Beginner

Monitoring Network via SPAN

Sad =( =) I go to setup linux =)

Another question, if i sent RAW flow to port Router, he can transfer this flow to NetFlow ?

Highlighted
VIP Mentor

Monitoring Network via SPAN

Another question, if i sent RAW flow to port Router, he can transfer this flow to NetFlow ?

yes, but the router will also process the data. So it's probably not the solution you are looking for.

Some more ways:

FlowTraq FlowExporter can convert them:

http://www.flowtraq.com/corporate/product/flow-exporter

nProbe should also be capable of taking the traffic and sending it to a collector:

http://www.ntop.org/products/nprobe/

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Beginner

Monitoring Network via SPAN

Thank you very match, you answers was very helpfull/

CreatePlease to create content
Content for Community-Ad