Hello, i have one PC connected to router interface, and i want see a trafic for other interface in the same router. So, i want use wireshark to snif and read a netflow information from these interfaces, it's possible ? need a some modifications or indications in wireshark ? Thanks. asked 02 Jun '11, 13:02  Adi edited 02 Jun '11, 13:14 |
2 Answers:
There is a difference in being able to dissect NetFlow packets and to collect (&report on) NetFlow packets. Wireshark can dissect NetFlow traffic as it travels from the NetFlow Agent (your router) to the Collector (absent in your network if I read your question correctly). So, even though Wireshark is capable of interpreting the NetFlow packets, it will not collect them, aggregate them and report (combined) statistics which seems to be what you want. You might want to have a look at NTOP, which is capable of collecting NetFlow packets and might be more the tool you're looking for... answered 02 Jun '11, 14:17  SYN-bit ♦♦ |
Please consider Scrutinizer as well for NetFlow Reporting and Analysis. answered 07 Jun '11, 18:38  Jake Wilson |
