Mark, No, unfortunately NetFlow isn't supported on the PIX, like many other things.
Really though, you don't want to run it there. Because NetFlow exports the level of detail that it does, you can gather all your stats for your entire network just by running it on all your edge routers. All you need to make sure of is that a flow originates behind a NetFlow enabled router, and that it is destined for a prefix that either resides on a subnet of another NetFlow enabled router in your AS, or a prefix which is beyond your AS (in which case you catch that too because you're running NetFlow at your ASBR(s)). You don't want to run this in your core or anywhere else there are not hosts. If you want to single out a /32 (or a particular port on a host or group of hosts) and view the activity as perceived by NetFlow, you can use the 'flow-tools'. The flow-tools is a package I listed a link to below and it includes a number of handy little tools. 'flow-filter' will allow you to filter on any attribute in the flow record and output the info to stdio. HTH, Greg Reaume ""Mark W. Odette II"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Is there something similar to this NetFlow for the PIX?? I could use a tool that monitors each flow of traffic, perhaps even with the ability to specify a specific host to monitor its flows across the IPSec tunnel of two PIXen. Any suggestions appreciated. Mark -----Original Message----- From: Greg Reaume [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 08, 2002 11:50 PM To: [EMAIL PROTECTED] Subject: Re: protocol monitoring software [7:55110] Sam, OVER HERE! LOOK HERE! PICK ME! :) Seriously though, take a look at NetFlow. Nice flow based accounting exported at flow conclusion by the router to a 'collector'. It records, on a per-flow basis, src AS, src IP, src port, dst AS, dst IP, dst port, pkts in flow, B in flow, start time, stop time, etc, etc, etc. I'm sure you get the idea; this is pretty powerful stuff! You can have your collector aggregate all the flow exports over a given time period, or you can have your router do it before it sends the info to the collector. Cisco sells their own commercial products to collect and analyze and they also partner with 3rd party commercial vendors to provide you with collectors and analyzers. The best stuff though, IMHO, are the tools from the open source community. Cisco acknowledges these tools and even lists where you can get them on their website, however, they are obviously not supported. Start here: http://www.cisco.com/go/netflow http://net.doit.wisc.edu/~plonka/FlowScan/ http://www.splintered.net/sw/flow-tools/ http://www.columbia.edu/acis/networks/advanced/CUFlow/ There are good examples of implementations here: http://wwwstats.net.wisc.edu/ http://www.canet3.net/stats/map.html And of course, although they have no relation to NetFlow, no disscussion of network monitoring tools is complete without Tobi's Tools: http://www.smokeping.org http://www.mrtg.org http://www.rrdtool.org HTH, Greg Reaume ""Cliff Stewart"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Sam, Have you taken a look at NBAR? Take a look at the Cisco IOS Quality of Service Solutions Configuration Guide it should work for you. -Cliff -----Original Message----- From: "sam sneed" To: [EMAIL PROTECTED] Date: Tue Oct 08 10:19:08 PDT 2002 Subject: protocol monitoring software [7:55110] >Hello, > > I am looking for software that will monitor what kind of traffic is going >through my network and report it.I am only concerned with what is going >through my firewall so I will place the monitoring station on a hub with the >firewall or use SPAN port. Here are requirements: > >Doesn't use netflow to collect data, want to use libpcap to capture data. >Want breakdown of what type of traffice by bytes and %'s ie. HTTP, FTP, SMTP >etc. >Do not want to use NTOP, too much of a pain in the ass to get it to work >longer than 20 minutes without a seg fault. >Would like the output in graphical form preferbably embeded in a web page. > >If anyone has come across this please let me know. I'm contemplating writing >my own software but would rather not. > >Thanks. ___________________________________________________ GO.com Mail Get Your Free, Private E-mail at http://mail.go.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55152&t=55110 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
