0 Replies Latest reply on Mar 2, 2015 10:57 AM by kenw

    Netflow is under-reporting the amount of traffic


      Hi,


      I have been wrestling with Netflow for months now. I have a server running NPM 11.0.1 and NTA 4.1.0.


      The collector is successfully receiving netflow traffic from a Cisco 3750X switch; it is monitoring both ports on the C3KX-SM-10G module that is installed in the switch.


      The traffic I am monitoring comes from a particular IP address through the switch to a server, which then sends some traffic back to that address.


      The problem I have is that the amount of traffic seen in Netflow is less than what is seen if I take a Pcap on that server.


      I am seeing varying differences; in a 24-hour period this could be a difference of 30MB, or as low as 2MB.




      I worked with Solarwinds and we took Pcaps on the Netflow server and confirmed that Netflow is reporting exactly what it is receiving from the switch, so I am now looking at the switch as the possible culprit.


      Does anyone have any advice for me on where to start my investigation?


      I have a call logged with Cisco, but they seem to be taking their time responding to me.