Date:      Tue, 9 Oct 2012 11:59:59 -0700
From:      Matt Mullins <mokomull@gmail.com>
To:        Paul Macdonald <paul@ifdnrg.com>
Cc:        FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: Netflow capture question
Message-ID:  <CAPyT1SHzfYbOti_jmZ8vyaSyGM97x=L1_ej17t3k7HLc1ayWAQ@mail.gmail.com>
In-Reply-To: <50744B51.20302@ifdnrg.com>
References:  <50744B51.20302@ifdnrg.com>

On Tue, Oct 9, 2012 at 9:05 AM, Paul Macdonald <paul@ifdnrg.com> wrote:
> I don't have direct access to the router this is going via, will netflow,
> flowcapture allow me to monitor traffic (by port/protocol etc.) straight off
> the NIC?

flow-capture simply receives NetFlow data and stores it to disk.
You'll need to use that in combination with softflowd to listen for
raw packets on the NIC and generate the NetFlow information.

I highly suggest the book "Network Flow Analysis" by Michael Lucas if
you want to pursue this route; it's especially worth it if you're
going to leave this system around for long-term analysis.
--
Matt Mullins


