How to capture network traffic data?

  • Updated 4 years ago

A choice between one of two options:

1. Enable NetFlow or some other flow option on an L3 network device like a switch or router. This will give you header information like source\destination IP address and some content data like the amount of information being transferred. Flow can be a good way to get a top-level view of how much data is moving around.

2. Enable a SPAN or mirror port on a managed switch. A SPAN\mirror port allows you to get a copy of traffic associated with ports or VLANs and send it to another port where you can plug in a traffic analysis tool. Decent traffic analysis (or deep packet inspection) tools will give you information like source\destination, traffic volumes, application information and metadata like website or file name.

It all comes down to what your requirements are. If you just want a top-level view with basic drilldown, then flow may be an option. If you don't have flow options available, or you want more detail for troubleshooting, then a SPAN or mirror port will be your best option.

Aisling Brennan, Official Rep

Posted 4 years ago