![]() ![]() ![]() This is all left as an exercise for the reader. Note that if your firewall/router is suitably advanced, you may be able to generate netflows internally from the device and therefore skip the fprobe steps completely. Usually when doing pilots, the flow generating computer is the same as the nfsen computer. (Note that 3Com used to call this mode "RMON Roving Port Analysis". Either that or you skipped the directory ownership/permissions step above. If you get ugly messages about not being able to initialize globals (among other problems) then you almost certainly have selinux running (turn it off). I like to dedicate an interface on the monitoring station for this purpose depending on your switch this might be mandatory as some switches will not let a system transmit through a switch set to "monitoring/mirroring" mode. fprobe nfsen httpd Enjoy your netflows Point your browser at the system where you installed nfsen and start playing. In practice this means you will be mirroring the traffic you are interested in to a port to be connected to the monitoring station. For this to work you need a smart switch that can mirror/clone traffic from one port to another, a computer to act as the flow generator, and a computer to act as the nfsen station. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |