Overview of Traffic Flow
ptFlow™ Network Traffic Analysis provides visibility into traffic network patterns and usage to determine how traffic impacts the overall health of the network through real-time packet capture. Drill down into applications, conversations, and devices to identify the exact sources of spikes and bursts allowing you to take proper corrective actions. Foglighht NMS stores flows for historical reporting that proves invaluable for network capacity planning.
ptFlow Network Traffic Analysis provides unparalleled visibility into traffic network patterns and usage to determine how traffic impacts the overall health of the network through real-time packet capture. Drill down into applications, conversations, and devices to identify the exact sources of spikes and bursts allowing you to take proper corrective actions. Foglighht NMS stores flows for historical reporting that proves invaluable for network capacity planning.
Captures packets for any device on the network - routers, switches, servers, desktops
See traffic from the 'Foglighht NMS' of each device for easier troubleshooting
Supports Cisco® NetFlow v1, 3, 5, 7 and 9, Juniper® J-Flow, and sFlow®
View applications, conversations, devices, endpoints, and protocols in graphical charts
Provides historical trends for all flows for network capacity planning
ptFlow configuration and deployment:
Note: The deployment is only valid in physical enviroments and not on VM deployments.
Foglighht NMS Traffic Analyzer supports ptFlow technology and industry standards NetFlow, sFlow, and J-Flow. ptFlow is a packet capture and filtering engine that allows users to gather traffic information from non-Flow supported devices such as computers, routers and switches. The results appear just as they would with any traditional flow technology.
The following are steps to configure ptFlow successfully.
Note: Two NICs are recommended. One will collect the mirrored traffic. The other will maintain network/internet connectivity.
Step 1: Establish port mirroring on the router or switch
Port mirroring is used on a network device to send a copy of all network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. Port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN); some other vendors have other names for it, such as Roving Analysis Port (RAP) on 3Com switches. Please consult your device's manual to see if it supports port mirroring and instructions on how to enable it.
Step 2: Right click on the specified device, select Wizards from the menu, then Enable Traffic Analysis. Select Enable ptFlow and click the Next. The PacketTrap host server IP will appear automatically. Select the Ingress (traffic in) and Egress (traffic out) on all your desired interfaces. Click Save, Next and Finish.
Step 3: Click on Devices, select the machine running PacketTrap IT and click View Details. ptFlow will appear under Network Traffic Flow.
After enabling port mirroring on the Switch or Router, connect the mirrored port to the computer running NMS host server.
Insert a hub into your desired location and then connect it to the computer running NMS host server.