configure router or firewall netflow to capture information in wireshark

i need to configure a router and a firewall to capture information  from an interface to a destination server with wireshark. What needs to be done on the router to get this .
ShenAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kevinhsiehCommented:
I keep reading your question and I don't understand it. Do you have netflow configured on your router or firewall? Look at the documentation for your equipment to configure netflow, or at least tell us what you are using. Is your question about how to capture the netflow information with Wireshark? Are you using a netflow collector, because you should probably be using that instead of Wireshark to look at the netflow information, unless that isn't working in which case you need Wireshark to troubleshoot.

Did you know that Cisco routers can show netflow information from the CLI? "show IP flow top-talkers" if properly configured.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bbaoIT ConsultantCommented:
i don't think you can do that directly on the router because as far as i know there is no such a function designed on routers due to some considerations in terms of performance and privacy polices.

a common practice is to do so by placing a hub at the WAN or LAN side and set up wireshark computer to listen from one of hub ports.
bbaoIT ConsultantCommented:
i don't think you can do that directly on the router because as far as i know there is no such a function designed on routers due to some considerations in terms of performance and privacy polices.

a common practice is to do so by placing a hub at the WAN or LAN side and set up wireshark computer to listen from one of hub ports.
gheistCommented:
Normally one configures snoop port (readonly) and attaches wireshark there on router or switch.
Netflow is not enough for wireshark, you need pcap capture for wireshark, or some netflow analyzer for netflow, like oranges and tomatoes...
harbor235Commented:
What kind of router? Juniper routers can capture traffic directly and save it as a pcap which is viewable via Wireshark.
The file is saved locally and can be ftp'd off to a desktop or server for analysis.


harbor235 ;}
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.