[c-nsp] Getting Netflow information from an Extreme Networks network without Netflow/Sflow

Adam Powers apowers at lancope.com
Wed Nov 28 08:54:02 EST 2007 

I would definitely take a look at Luca Deri's nProbe (the same Italian that
brought us ntop). This small linux/windows application simulates a router's
NetFlow cache by passively sniffing Ethernet frames via a SPAN/mirror port
generating NetFlow in various formats that can be sent to a collector for
top talker, trending, etc.

There are others available (such as fprobe) but in my experience nprobe is
by far the superior utility.

Unfortunately if you're going to make use of nprobe you need to pay a bit
for it.

I haven't worked with it myself but he even sells a small appliance that
runs nprobe if you don't want to mess with building out an probe server
yourself.

http://www.ntop.org/nProbe.html




On 11/27/07 7:22 PM, "Bill Nash" <billn at billn.net> wrote:

> 
> You can implement tools like softflowd on a server to generate flows from
> traffic it sees on one (or more) of its interfaces, in combination with
> your available port mirroring option. Obvious limits are going to include
> figuring out where your traffic chokepoints are, to facilitate
> comprehensive monitoring, and whether or not you can get a big enough pipe
> on server hardware to handle your traffic volume.
> 
> - billn
> 
> On Tue, 27 Nov 2007, Mike Louis wrote:
> 
>> Hello All,
>> 
>> I am working with a large client that uses extreme networks gear extensively.
>> Most of their gear is older i series and e series summit and black diamond
>> equipment. Anyone on this list have any experience with getting netflow top
>> talkers information from  a network like this without using netflow or sflow.
>> I am working on some other tools using NTOP for starters but i am not getting
>> the information that i need. I would like to use a tool that can support port
>> mirroring traffic to gather network statistics. The current gear that they
>> are using supports Sflow however its so old that even extreme recommended not
>> enabling it on links over 1Mbps. Netflow was a no go as well plus most of the
>> gear won't support it.
>> 
>> Any ideas on some good network visibility tools for traffic anaylsis.
>> Specifically something similar to what information netflow can provide with
>> source/destination port/address information for a flow.
>> 
>> Thanks in advance
>> 
>> Mike
>> 
>> Note: This message and any attachments is intended solely for the use of the
>> individual or entity to which it is addressed and may contain information
>> that is non-public, proprietary, legally privileged, confidential, and/or
>> exempt from disclosure.  If you are not the intended recipient, you are
>> hereby notified that any use, dissemination, distribution, or copying of this
>> communication is strictly prohibited.  If you have received this
>> communication in error, please notify the original sender immediately by
>> telephone or return email and destroy or delete this message along with any
>> attachments immediately.
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


-- 

Adam  Powers
Chief Technology Officer
Lancope, Inc.
c. 678.725.1028
f. 678.302.8744
e. adam at lancope.com

More information about the cisco-nsp mailing list