Looking to see if Netflow compares to Wireshark

ajf posted on Thu, Jun 18 2009 12:04 PM

I am new to the Cisco environment and to using sniffers. I am used to installing Wireshark on my PC and monitoring traffic for Instant Messaging. At my new job I have to sniff traffic between one server and another server or PC. I currently set up port mirroring on a switch, plug my PC into a port on the switch and run Wireshark. That is fine if I am at work and I want to carry my PC around, but now I am getting requests for remote sites and sniffing their traffic. Can Netflow allow me to sniff one port on a switch and only log traffic from one IP address? Also, can Netflow sniff virtual servers?


All Replies


jswan replied on Thu, Jun 18 2009 12:12 PM

No, Netflow has no packet sniffing capability.

You might want to look at the new IOS embedded packet capture functionality in 12.4(20T) and later:

http://supportwiki.cisco.com/ViewWiki/index.php/Tech_Insights:Utilizing_the_New_Packet_Capture_Feature

 

NPM 9.5 SP4, NTA 3.6, APM 3.1, NCM 5.5.2

Donald_Francis replied on Fri, Jun 19 2009 6:22 PM

Netflow is more of a statistical tool.

Where Wireshark actually captures the entire packet of a communication, netflows are just a "report" of communications.

Basically, after a flow ends the sending device will send information about that communication to a netflow collector. So it would be something like 1.1.1.1 talked to 1.1.1.2 on tcp port 25 for 15mins and transferred 5mb of data.

When you capture flows from a device you can quickly and easily build a good picture of what kind of traffic is going through a device and in what quantities.

For example, if you have a T1 that is always at 100% utilization you can look at the flow data and see what IPs are sucking away the bandwidth, etc. It is just as useful as a packet capture and in many situations more useful, especially when it comes to resource and capacity planning.

Donald Francis
Sr. Network Engineer
 The Shaw Group

NPM SLX 3 Pollers 14000 elements
APM SLX 2000 elements
NCM 3000 1300 devices
Netflow SLX 300 interfaces
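
The flow "report" described in the reply above, set beside the packets it summarizes, as an added example that is not part of the original thread. The packet list is constructed sample data, the function names are hypothetical, and the flow key is simplified to the 5-tuple with no export timers.

```python
from collections import defaultdict

# Constructed sample packets, as a sniffer would see them:
# (time_s, src_ip, dst_ip, proto, src_port, dst_port, length_bytes, payload)
PACKETS = [
    (0.0,   "1.1.1.1", "1.1.1.2", "tcp", 40000, 25, 600,  b"MAIL FROM:<a@example.test>"),
    (10.0,  "1.1.1.3", "1.1.1.2", "tcp", 40001, 80, 300,  b"GET / HTTP/1.1"),
    (12.0,  "1.1.1.2", "1.1.1.3", "tcp", 80, 40001, 1400, b"HTTP/1.1 200 OK"),
    (450.0, "1.1.1.1", "1.1.1.2", "tcp", 40000, 25, 1500, b"(message body)"),
    (900.0, "1.1.1.1", "1.1.1.2", "tcp", 40000, 25, 900,  b"QUIT"),
]

def build_flows(packets):
    """Collapse packets into one-directional flow records keyed by 5-tuple.
    Simplification: real exporters also key on ToS and input interface and
    expire long flows on timers; none of that is modelled here."""
    flows = {}
    for ts, src, dst, proto, sport, dport, length, _payload in packets:
        key = (src, dst, proto, sport, dport)
        rec = flows.setdefault(key, {"first": ts, "last": ts, "packets": 0, "bytes": 0})
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
        rec["packets"] += 1
        rec["bytes"] += length   # counters only: the payload is discarded
    return flows

def flows_for_host(flows, ip):
    """Flow records where the given address is source or destination."""
    return {k: v for k, v in flows.items() if ip in (k[0], k[1])}

def top_talkers(flows, n=3):
    """Source addresses ranked by total bytes sent."""
    per_src = defaultdict(int)
    for key, rec in flows.items():
        per_src[key[0]] += rec["bytes"]
    return sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    flows = build_flows(PACKETS)
    for (src, dst, proto, sport, dport), r in flows.items():
        mins = (r["last"] - r["first"]) / 60
        print(f"{src}:{sport} -> {dst}:{dport} {proto} "
              f"{mins:.0f} min, {r['packets']} pkts, {r['bytes']} bytes")
    print("top talkers:", top_talkers(flows))
```

The three SMTP packets collapse into a single record of addresses, ports, duration and byte count. Filtering by one address works on those records, but the payload a packet capture would have kept is gone.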
