|
|
|
ptFlow configuration and deployment
|
|
Applies to:
|
PacketTrap MSP
|
|
ptFlow configuration and deployment
PacketTrap MSP Traffic Analyzer supports PacketTrap’s own ptFlow technology and industry standards NetFlow, sFlow, and J-Flow. ptFlow is a packet capture and filtering engine that allows users to gather traffic information from non-Flow supported devices such as computers, routers and switches. The results appear just as they would with any traditional flow technology.
Configuration
The following are steps to configure ptFlow successfully.
Note: Two NICs are recommended. One will collect the mirrored traffic. The other will maintain network/internet connectivity.
Step 1: Establish port mirroring on the router or switch
Port mirroring is used on a network device to send a copy of all network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. Port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN); some other vendors have other names for it, such as Roving Analysis Port (RAP) on 3Com switches. Please consult your device's manual to see if it supports port mirroring and instructions on how to enable it.
Step 2: Right click on the specified device, select Wizards from the menu, then Enable Traffic Analysis. Select Enable ptFlow and click the Next. The PacketTrap host server IP will appear automatically. Select the Ingress (traffic in) and Egress (traffic out) on all your desired interfaces. Click Save, Next and Finish.
Step 3: Click on Devices, select the machine running Perspective and click View Details. ptFlow will appear under Network Traffic Flow.
Deployment scenarios
Case #1:
After enabling port mirroring on the Switch or Router, connect the mirrored port to the computer running the Perspective agent (this maybe host server or it may be your deployed agent).
Case #2:
Insert a hub into your desired location and then connect it to the computer running Perspective agent (this maybe host server or it may be your deployed agent).
|
|
|
|
|