Netflow of similar without replacing our routers.

Posted on 2013-10-28
Last Modified: 2013-10-29
Perhaps someone can help me find a device that would suite our needs?  We currently have Cisco 3750 switches at each of our sites that are connected to an MPLS network.  Some of the sites have very low speed links and are often saturated.  We wanted to setup NETFLOW on the ports in question so we can easily see where the traffic is coming from but the Cisco 3750 switches do not support it.  Instead of replacing all our switches, we'd like to see if there is some sort of IN-LINE appliance or solution so that we can keep everything as is and just add something within the path of our router and MPLS.  Thanks.
Question by:sthubert
  • 5
  • 3
LVL 20

Expert Comment

ID: 39606867
Although this isn't inline, PRTG is an application that does all sorts of network monitoring - Netflow, sFlow, SNMP, WMI, etc. It also has the ability to do packet sniffing and reporting based on the sniff. If you were to setup the WAN-facing port on the 3750 as a span source, and the PRTG server as a destination, you would be able to get detailed reports on that info. Performance and historical data will be based on the speed of the machine you configure this on and the disk space available. I believe you can get a free version that allows up to 10 sensors, so you might be able to accomplish this particular task for free, aside from the machine it runs on.

Author Comment

ID: 39607037
Would I simply be able to plug this appliance in the WAN VLAN and capture the data the same way a WireShark would?  Does it provide good reporting and top talkers based on bandwidth?

Author Comment

ID: 39607048
Or perhaps I would setup a port mirror and plug the mirrored port into the appliance?

conf t
monitor session 1 source interface Gigabit 1/0/x
monitor session 1 destination interface Gigabit 1/0/x
LVL 20

Expert Comment

ID: 39608936
With PRTG, this would be a port mirror. PRTG won't pass traffic through two interfaces, so inline plainly isn't an option. Give it a shot for free, you just need a machine to load it on, and the port mirror to be setup.
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.


Author Comment

ID: 39609273
I just installed PRTG but like I mentioned my Cisco Routers do not support NETFLOW so how do I use PRTG to capture network data?

I'm really looking for a software or device that can either use to create NETFLOW's or to capture and analyze network data.
LVL 20

Accepted Solution

rauenpc earned 500 total points
ID: 39609310
When you install netflow, you have a device called the Probe, which is the server itself. If you go to add a sensor to the probe, you can search for sniffer. One choice will be packet sniffer which will also require you to choose an interface. From there, when viewing the sensor you should be able to see all the types of traffic, as well as the who and where, assuming that your port mirror is setup properly. You will likely need two physical interfaces on the PRTG server to handle this.

Author Comment

ID: 39609336
WOW!  Works like a charm!  Thanks very much for your HELP I will easily be able to deploy this today!

Author Closing Comment

ID: 39609338
Great solution

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SPLUNK REST  API call to Splunk to create and index? 2 100
RCA to HDMI 4 64
Connect TV screen in another room 6 65
software license audit 6 56
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now