Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
295
Views
0
Helpful
2
Replies

router as netflow sniffer?

pnicolette
Level 1
Level 1

‎02-05-2009 08:50 AM - edited ‎03-04-2019 01:07 AM

can a spare router be configured to sniff netflow from a spanned switchport? Maybe set a default route to null0 or some other way to let it swallow all traffic?

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-05-2009 08:56 AM

Hello Paul,

I think this is possible and if I remember correctly I did this several years ago.

My only concern is that a router should only process traffic destinated to its MAC address.

You may need to tweak the configuration to put the port in promiscuos mode or you will not be able to emulate a sniffer.

I think in my setup the router was on the path of live traffic or placed as end device in the lab chain.

Hope to help

Giuseppe

0 Helpful

pnicolette
Level 1
Level 1
In response to Giuseppe Larosa

‎02-06-2009 09:27 AM

Thanks for the reply.

int f0/0

rmon promiscuous

is supposed to let the router gather rmon stats on all packets it sees. Does anyone know if this will enable netflow statistics for the same traffic, even if it doesn't flow back out of the router?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card