router as netflow sniffer?

Unanswered Question
Feb 5th, 2009
Can a spare router be configured to sniff NetFlow from a spanned switchport? Maybe set a default route to null0 or some other way to let it swallow all traffic?

Giuseppe Larosa Thu, 02/05/2009 - 08:56
Hello Paul,

I think this is possible and if I remember correctly I did this several years ago.


My only concern is that a router should only process traffic destined to its MAC address.

You may need to tweak the configuration to put the port in promiscuous mode or you will not be able to emulate a sniffer.


I think in my setup the router was on the path of live traffic or placed as end device in the lab chain.


Hope to help

Giuseppe



pnicolette Fri, 02/06/2009 - 09:27

Thanks for the reply.


int f0/0
 rmon promiscuous


is supposed to let the router gather rmon stats on all packets it sees. Does anyone know if this will enable netflow statistics for the same traffic, even if it doesn't flow back out of the router?
