nProbe and NetFlow Analyzer

NetFlow Analyzer | May 19, 2011 | 2 min read

When monitoring input and throughput on a device interface or port, every network administrator expects a bandwidth monitor to answer three questions:

Who is using the bandwidth?

Which application is consuming my bandwidth?

Which port and protocol are used?

This information is available if you have a device that supports NetFlow/jFlow/sFlow and have configured it to export NetFlow packets to the server where NetFlow Analyzer is installed.

How can you monitor a network effectively using NetFlow even if the devices are not capable of exporting NetFlow packets? Is it possible to do a detailed traffic analysis?

Consider a network with a Layer 3 switch (such as a Cisco 3750 or 2900 series) to which users are connected. The up-link port of the switch is connected to a firewall, and the outside interface of the firewall is connected to a router. Monitoring the router, which is capable of exporting NetFlow, will only give the amount of traffic coming IN and going OUT of the WAN/LAN interface. Since NAT-ing is done on the firewall, you will see only the firewall IP address in the reports.

We need the traffic statistics of individual internal user IP addresses to decide how to improve network performance. The only way to get information about internal user traffic is to monitor the Layer 3 switch to which users are connected, but as we all know, the Cisco 3750 or 2900 series Layer 3 switch is not capable of exporting NetFlow.

To monitor individual user traffic and do in-depth bandwidth monitoring on Layer 3 switches that are not capable of exporting NetFlow packets, we need the following two things:

1. Port Mirroring or SPAN

2. nProbe

SPAN:

Switch Port Analyzer (SPAN) is a technique used on network switches to forward a copy of the network packets seen on one switch port to a network monitoring connection on another switch port. This technique is also called Port Mirroring or Port Monitoring.

nProbe:

nProbe is a software probe that receives network packets from devices and converts them into NetFlow packets, which it exports to an analyzer tool for in-depth traffic monitoring.

Traffic Mirroring:

It is enough to monitor the up-link port of the Cisco 3750 to get internal user traffic stats. We need to mirror the traffic from the up-link port to a destination interface, which is the SPAN port or mirror port. Below is an example of how to configure port mirroring on a Cisco device:

Monitor session 100 source interface fastethernet 0/1
Monitor session 100 destination interface fastethernet 0/8 encap ingress vlan 1

The above example mirrors data from port 0/1 to the destination port 0/8, using VLAN 1 for VLAN tagging.

Once traffic mirroring is set up, we need to install nProbe on the network and forward the packets from the mirror port to the server where nProbe is installed. nProbe converts these packets into NetFlow packets.

nProbe Configuration:

The NetFlow packets converted by nProbe can be exported to an analyzer tool such as NetFlow Analyzer for bandwidth monitoring. The following command has to be run on nProbe to export NetFlow packets:

nprobe /c -G -i eth0 -n 192.168.1.1:9996 -b 1 -u eth0 -Q eth0

192.168.1.1 refers to the NetFlow Analyzer server

9996 refers to the NetFlow Analyzer listener port

Thanks and Regards
Praveen Kumar
