Another thing to think about when you are doing this is what kind of VLANs do you have. If you put a hub before the router or port mirror a port some where in your network, that does not mean you will get all the traffic as you will only see the layer 2 traffic that needs to go across that link. If the traffic is internal to some VLAN then you might not pick it up.
Foundry does support SFLOW, which is really cool BTW. So you can setup a box (NTOP) as an SFLOW collector and tell all your switches to send samples of all packets to the collector. This will give you a good idea of what is going on in your network everywhere, regardless of where you put the NTOP box and what VLANs you have.
I would really use the CVS version of NTOP though if you are going to use SFLOW. Luca made some really nice changes to the SFLOW plugin, but it is still a CVS only kind of thing. Another thing, do not try to run NTOP with SFLOW on AMD Opterons. It does not work. I am trying to get a box setup for Luca to test on so that we can get this working.
Bret
Tim Holmes wrote:
My switches are brand new foundry Edge irons and the core is a new Fast iron, so im pretty sure they support port mirroring, but Im gonna have to figure out how to make it happen. I'm a new network admin, (I was trained as a biology teacher), and Infrastructure is one of my weak points
We have been a hub network with just an unmanaged switch at the core, so this is a huge upgrade for us
Tim Holmes
IT Manager
Medina Christian Academy, Inc.
A Higher Standard...
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Carder Sent: Wednesday, October 13, 2004 10:30 AM To: '[EMAIL PROTECTED]' Subject: RE: [Ntop] Question (probably dumb) from a new user
Before buying a hub though, I would check and see if the switch you are using will support port mirroring. The majority of enterprise level managed switches will.
_____
From: Nick Weaver [mailto:[EMAIL PROTECTED] On Behalf Of Nick Weaver Sent: Wednesday, October 13, 2004 9:23 AM To: [EMAIL PROTECTED] Subject: RE: [Ntop] Question (probably dumb) from a new user
You probably have NTOP on a switched network, and are missing some of the
traffic. The way I get around this is to place a hub between the
backbone/regular network, with NTOP listening there.
Switched network --->Hub w/NTOP box ---> Backbone/server switches
or I also do it this way
Switched network --> Hub w/NTOP --> Router -->Remote Router ---> Hub w/NTOP --> Remote switched network
I am sure that email will mangle my beautiful diagrams...oh well. You should be able to get the idea. You can also use port mirroring. I have these hubs placed like this for sniffing/analysis anyway (but this is a test lab, not a production environment)
Nick Weaver Test Lead/IT Support
KeyLabs(tm) BottomLine Quality Managment
Building 7 System Test Lab
Ph: 208-396-7386 Cell: 208-353-5443
_____
From: [EMAIL PROTECTED] on behalf of Tim Holmes Sent: Wed 10/13/2004 7:59 AM To: [EMAIL PROTECTED] Subject: [Ntop] Question (probably dumb) from a new user
Good morning. I just started using NTOP to monitor my network this week,
and so far its going well, but I have a question.
According to my summary screen, NTop has been running for 1 day and 20 hours and change. So it is showing total packets processed at just over 207,000 I know that's a large number, but it doesn't seem like enough for what Ive been doing on the network. We have about 100 regular users who are logging in etc, as well as I did 2 ghost casts yesterday, (each one over 5 gigs). Does NTOP only sample every so often, or is my traffic really that low? Or am I totally messed up?
Thanks
TIM
Tim?Holmes ? IT Manager Medina Christian Academy, Inc. A Higher Standard... ? Jeremiah 33:3 Jeremiah 29:11 Esther 4:14
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
<http://listgateway.unipi.it/mailman/listinfo/ntop>
_______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Bret Jordan Dean's Office Director of Networking College of Engineering 801.585.3765 University of Utah [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
