[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


ntop, mirroring ports

Posted on 2007-08-02
Medium Priority
Last Modified: 2008-02-01
I've downloaded a program called ntop on my machine. I've gone through a few of the posts and what I'm understanding is that you have to mirror all ports on the switch to one monitor port in order to accurately view all network traffic. The machine I'm running the program is connected to the monitor port.

Is this the recommended way to view network traffic via ntop?
Question by:lyon-it
  • 2

Author Comment

ID: 19627159
I'm raising the point value to 500.

Basically I'm experimenting with ntop. I have 1 port mirrored and would like to mirror more. I'm happy with the results so far but I would like to view all network traffic on my switch, and I'm concerned about the impact on network traffic if I mirrored all ports on the switch.
LVL 57

Accepted Solution

giltjr earned 750 total points
ID: 19632867
What type of switch do you have?  Most switches don't allow you to mirror all ports, ports by ports.  Now some will allow you to mirror by VLAN, which can in the end allow you do mirror all ports.

Depending on what you want to do, it may be better (if your switch supports it) is to use NetFlow.  This allows the switch to send a 'summary' of the traffic to ntop.
LVL 25

Assisted Solution

Cyclops3590 earned 750 total points
ID: 19634852
agree with giltjr,  use netflow.

I find it hard to believe any switch can mirror all ports to one port.  even if it was possible via the config, the ports can't support the bandwidth.
Example, most managed switches are atleast 12 FastE ports.  if you mirror 11 ports to the 12th, you are mirroring 1.1Gbps to one 100mbps port. Even if the 12th port is a 1Gbps port, it's still is short on bandwidth. This is because of all the extra junk you get in the packets you don't need (like the encapsulated data).  This is why netflow is the preferred way for this type of monitoring.
LVL 25

Expert Comment

ID: 19644794

If you plan on giving a grade less than 'A', you need to give us a reply so we know why the information we gave can't be constituted as  full solution.  No ill-will, just would appreciate a fair chance to get the full grade.

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses
Course of the Month20 days, 6 hours left to enroll

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question