NetFlow was designed by Cisco to collect IP network traffic data. This data can then be analysed by
source, destination, protocol, class of service, etc. NetFlow uses a flow cache, a flow collector and a
flow analyser to present the data in an understandable way.
Click on Add and specify the IP address of the server running the Netflow software, and specify
a port of 2055.
The next step is to start throwing all of our traffic at the netflow collector. To do this we must set
Select "Global - applies to all interfaces" and keep the default name of global-class
Select Source and Destination IP addresses (uses ACL) and click Next
For the Source and Destination select "any", and for the service select ip (I did also add icmp,
icmp/echo and icmp/echo-reply)
On the next page select the NetFlow tab, click on Add and select the NetFlow collector IP that
we configured in the first step, making sure that we click Send. Click OK.
Give it a little time for the collector to get some data, five minutes or so should do, and
hopefully you should start seeing some data:
(the above screenshot references a different sensor number to the one above it - but don't
worry about that - I just set up additional sensors to get a screenshot).
You can also drill down into the sensor and see the top protocols:
It's pretty quick to start getting some good information out of your firewalls using NetFlow and
PRTG.
There are a number of NetFlow systems out there; if you are good with Linux, there are
free ones available.
NetFlow is a very powerful, and potentially cheap, way to have a fully fledged network monitoring
system.