Date: Tue, 9 Oct 2012 11:59:59 -0700 From: Matt Mullins <mokomull@gmail.com> To: Paul Macdonald <paul@ifdnrg.com> Cc: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: Netflow capture question Message-ID: <CAPyT1SHzfYbOti_jmZ8vyaSyGM97x=L1_ej17t3k7HLc1ayWAQ@mail.gmail.com> In-Reply-To: <50744B51.20302@ifdnrg.com> References: <50744B51.20302@ifdnrg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 9, 2012 at 9:05 AM, Paul Macdonald <paul@ifdnrg.com> wrote: > I don't have direct access to the router this is going via, will netflow, > flowcapture allow me to monitor traffic ( by port/protocol etc) straight off > the NIC? flow-capture simply receives NetFlow data and stores it to disk. You'll need to use that in combination with softflowd to listen for raw packets on the NIC and generate the NetFlow information. I highly suggest the book "Network Flow Analysis" by Michael Lucas if you want to pursue this route; it's especially worth it if you're going to leave this system around for long-term analysis. -- Matt Mullins
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyT1SHzfYbOti_jmZ8vyaSyGM97x=L1_ej17t3k7HLc1ayWAQ>