2 Replies Latest reply on Mar 23, 2010 4:26 AM by peganb

    Monitoring traffic with NTA

      Hi,

      Is there a way to monitor traffic flows with Network Traffic Analyzer based on MAC addresses? I would like to have same graphs for MAC source and MAC destination addresses as I have for IP addresses. 

      Boris

        • Re: Monitoring traffic with NTA

          Hi,

          I'd be curious to know why ultimately you'd be interested in leveraging that?  Whilst LAN to LAN packet transfer is ultimately going to be MAC driven on L2 segments, the traffic flow should still be IP based and most flow exporters sit at the L3 domains in a network?

          Strictly speak netflow is an IP flow service to it runs at Layer 3, with early versions of Netflow (like Version 5) looking primarily at source/destination IP's when calculatiing its flow tables.

          That said,  Template based Flow exporting like Version 9 and IPFIX do offer fields for Src MAC and Dest MAC,  VLAN identifier etc so you could in theory use a Flow Report filter on your device to export V9 flows with that information within.

          Once the flows are exporting its just a matter of setting the relevant filters on the contained data.
          If you are working with Cisco,   adding "IP flow-capture mac-addresses" to your exporting text in the root conf t should help.  

          I've never tried it in the NTA mind you as I tend to deal with Metro netfworks more than big LAN's and we pickup traffic on the core layer to try and avoid double counts etc but I would imagine if the field exists in a flow packet, Solarwinds would be able to provide a filter for it in the custom reporting?


          Apologies if this isn't ultimately helpful.