« Back
Dear Kim,
Thank you for your interest in NetFlow Analyzer. NetFlow Analyzer
would work with the netflow packets exported from netflow probes
like nProbe. NetFlow Analyzer depends on snmp of the exporting
device only to get the interface name and speed. However, with
nProbe, the concept of interface is "virtual", which means that
nProbe will not know through which interface of the router the
packet was routed.
So,if you have nProbe running on a machine A's interface1, all
the traffic (both in and out) of the network will be accounted
for in the Device A's interface1. If you would like to monitor
the in and out traffic to the network(which is being port
mirrored) you will have to tap them separately and use two
interfaces to sniff the in and out traffic separately.
Do mail us incase you have further questions in this regard.
Thanks
Meera
Thank you for your interest in NetFlow Analyzer. NetFlow Analyzer
would work with the netflow packets exported from netflow probes
like nProbe. NetFlow Analyzer depends on snmp of the exporting
device only to get the interface name and speed. However, with
nProbe, the concept of interface is "virtual", which means that
nProbe will not know through which interface of the router the
packet was routed.
So,if you have nProbe running on a machine A's interface1, all
the traffic (both in and out) of the network will be accounted
for in the Device A's interface1. If you would like to monitor
the in and out traffic to the network(which is being port
mirrored) you will have to tap them separately and use two
interfaces to sniff the in and out traffic separately.
Do mail us incase you have further questions in this regard.
Thanks
Meera
How would we tap them separately? Using Netflow Analyzer or do we need to put a second interface on the PC running the software?
The nprobe imagestream router we are using has the abiity to send streams from any of it's interfaces. Are you saying to send them both to the collector?
The nprobe imagestream router we are using has the abiity to send streams from any of it's interfaces. Are you saying to send them both to the collector?
Oh I think you mean I'd have to wireshark it etc and .. oh man what a pain
Hi,
NetFlow Analyzer classifies traffic based on the interface information in the exported NetFlow packets. The NetFlow packets exported by routers or such will have the input interface (interface through which packets came) and the output interface (the interface through which packets left the device) and based on this the IN and OUT traffic information is classified.
As for as nProbe or such software based flow generators are considered, since all the packets are exported out of a single NIC, the IN and OUT is accounted together.
But we do have a number of customers using nProbe without issues. You may have to explore options on nProbe for separating packets based on IN and OUT or for how to assign the IN and OUT interface information to the exported packets from nProbe itself.
Regards,
Don Thomas Jacob
NetFlow Analyzer classifies traffic based on the interface information in the exported NetFlow packets. The NetFlow packets exported by routers or such will have the input interface (interface through which packets came) and the output interface (the interface through which packets left the device) and based on this the IN and OUT traffic information is classified.
As for as nProbe or such software based flow generators are considered, since all the packets are exported out of a single NIC, the IN and OUT is accounted together.
But we do have a number of customers using nProbe without issues. You may have to explore options on nProbe for separating packets based on IN and OUT or for how to assign the IN and OUT interface information to the exported packets from nProbe itself.
Regards,
Don Thomas Jacob
Post Actions
Corp