Hi,
I have been wrestling with Netflow for months now. I have a server running NPM 11.0.1 and NTA 4.1.0.
The collector is successfully receiving Netflow traffic from a Cisco 3750X switch; it is monitoring both ports on the C3KX-SM-10G module that is installed in the switch.
The traffic I am monitoring comes from a particular IP address through the switch to a server, which then sends some traffic back to that address.
The problem I have is that the amount of traffic seen in Netflow is less than what is seen if I take a Pcap on that server.
I am seeing varying differences; in a 24-hour period this could be a difference of 30MB, or as low as 2MB.
I worked with SolarWinds and we took Pcaps on the Netflow server and confirmed that Netflow is reporting exactly what it is receiving from the switch, so I am now looking at the switch as the possible culprit.
Does anyone have any advice for me on where to start my investigation?
I have a call logged with Cisco, but they seem to be taking their time responding to me.
Thank you,
Ken