[REVIEW] Netmon Professional Edition

[ORIGINAL POSTED on Network World | MAY 14, 2007 1:00 AM PT]
By Barry Nance

The Netmon appliance went to work quickly to establish a baseline of network activity and begin identifying network problems.

Augmented by its built-in protocol analyzer, the Netmon appliance pinpointed network trouble spots in our tests by decoding key packets in addition to depicting the problematic network devices and servers. The Netmon device comprehensively monitored network traffic, specific protocols, bandwidth utilization, TCP/IP-based network services, switches, routers, network printers, UPSes and application performance.

 

You’ll especially appreciate the Netmon appliance if you like solving network problems at a low level. Netmon Professional Edition lacked the application-layer perspective of Extended Technologies.

The device, through its browser-based Visual Network Explorer component, shows network activity in real time. You can display the packet decodes from Netmon’s raw packet-level capture facility in a protocol-analysis display utility, such as Ethereal or Wireshark. The vendor says Netmon can decode thousands of protocols.

Netmon detected half/full duplex mismatches, frame collisions and other low-level network issues. The Netmon appliance integrates closely with Cisco NetFlow to gather statistics from Cisco devices.

The appliance collects Windows performance statistics to display the status of Windows background services as well as CPU, memory and disk use. It includes a port scanner for monitoring switch and router health, and it examined router Address Resolution Protocol tables to identify new network nodes as they appeared on the network. It also did a good job of keeping a close eye on our event logs and security logs across multiple servers.

The Netmon device notified us via e-mail or pager when network activity exceeded previously set thresholds. However, it couldn’t express threshold interrelationships and time of day/day of week situations in as sophisticated a manner as the other products reviewed.

Netmon’s remediation feature can run a Python script or Linux command within the appliance. It does produce uptime/availability reports, bandwidth-use reports and historical reports of network errors. Netmon comes with clear and comprehensive online documentation. It installs in a few minutes.

[Original Article – Netmon Professional Edition on NetworkWorld.com]

NETMON Growth and Opportunity Leads to Move

 

WINDSOR, ON, Canada – Nov 23, 2016 — Netmon Inc., a Windsor based tech company is moving from its offices in downtown Windsor at 633 Ouellette to a newly redeveloped business and medical centre at 55 Edinborough Street, the former site of the Teutonia Club in mid-December.

The move is a strategic decision to accommodate recent growth and position the company closer to major arteries in Windsor, allowing for faster response times to Netmon’s expanding clientele in Windsor Essex County and Southwestern Ontario.

“This move will allow our company to better accommodate for our growth, especially in our IT and Managed Services divisions; the relocation represents our commitment to better serve our clients,” states Eric Lamoureux, CEO and President of Netmon Inc. “As demand grows for our services we are continuing to hire talent and fill key positions within the organization in order to provide our clients with the high level of service they expect.”

Netmon’s investment into the new offices provides the opportunity to design and customize the environment to meet all current and future technology needs and to create an efficient and positive work environment for its employees.

Employees are looking forward to their new location that will include a spacious common area and lounge, an expanded IT lab, and workout room.

ABOUT NETMON INC.

Netmon Inc. was founded in Windsor, Ontario in 2007, specializing in the development and deployment of network monitoring and environmental monitoring solutions. Netmon’s IT and Managed Services Division provides unparalleled business technology and monitoring solutions throughout Windsor, Essex County and Southwestern Ontario.

Learn more about Netmon:

www.netmonservices.com

www.netmon.com

 

© 2016 Netmon Inc.  All rights reserved.

MEDIA CONTACT:
Eric Lamoureux
President and CEO of Netmon Inc.
Netmon Inc.
Phone: (800) 944-4511
633 Ouellette Ave, Suite 309, Windsor, ON Canada N9A 4J4
info@netmon.ca


5 Critical Reasons for Network Traffic Analysis

 
 
 

 

As communication and network infrastructure grows in size and complexity, having a complete view and understanding of your network environment (including the amount and type of network traffic going back and forth) becomes vital to your business’ health and operations.

Having the right tools to do the job is just as important. If you can’t quickly determine the source, destination, rate and the type of traffic going across the network, you don’t have the right tool.

Enter Network Traffic Analysis, and the key reasons why every Systems Administrator and IT Professional should be using it on a daily basis.

 
 
 

1. Isolating High Bandwidth Consumers

Bandwidth Utilization Spike

Knowing there is heavy usage or a spike in bandwidth is one thing, but being able to quickly isolate and identify who (or what) is causing it is another.

With network traffic analysis you are able to quickly isolate and identify the who, the what and where - in real time.

Network Utilization - Unknown Protocol Spike

Recent Activity Analysis

 

 

2. Determining Network Traffic Utilization trends

Do you have any bottlenecks in your network? What is your average network utilization? Peak Utilization? Do you have enough capacity to support further growth?
Regular monitoring and analysis of your traffic can give you the answers to these questions, and allow you to better manage your network.
 

3. Finding Rogue Users, Problem Devices and Processes

Rogue users, devices and processes are not only security threats to your network but also the cause of network slowdowns and outages. Being able to detect and eliminate them is crucial to your network’s accessibility and your company’s operations.

Real Time Conversations (network activity)
in the Virtual Network Explorer (VNE)

 

With Netmon’s VNE (Visual Network Explorer) you can quickly isolate heavy users and devices with a substantial amount of connections (typical of peer to peer traffic) in real time.

User Activity Report

 

In addition to real time analysis, you can run daily, weekly and even monthly reports ensuring that the traffic on your network is within company guidelines.

 

4. Historical Analysis and Audits

Having historical network traffic data helps you troubleshoot, establish network benchmarks, plan for growth, and investigate network occurrences by combining all traffic statistics and filters in various customizable reports so that you have a complete view of your entire network environment.

Types of Reports available

Network Activity Report, Conversation Report

A report that displays network communication and bandwidth usage between source and host devices (and IPs) as well as the port(s) of communication (TCP / UDP)

Protocol Analysis Report

A report showing the network traffic utilization along with a traffic analysis breakdown by communication ports (TCP UDP)

Web Traffic Report

Displays web pages (urls) and IPs visited by specific devices or workstations on the network along with the timestamps

Email Traffic and Inspection Reports

Displays detailed statistics and information between email hosts and recipients

 

 

 

5. Forensic Audits – Traffic Capture

For instances that require a detailed investigation, Netmon allows you to capture traffic in its entirety from a specified range, or even a single IP, and then export it into Wireshark for deep packet analysis.
 
 

Try Network Traffic Analysis For Yourself

Access Our Live Demo Below

Now that you know the 5 reasons for network traffic analysis, put them to work. Test our live network monitoring demo with real devices and traffic.

 

 

 

• Monitor and Analyze Network Traffic, Bandwidth Utilization, Devices' Performance, and SNMP SYSLOGs, all in one easy-to-use interface.

• Error Detection / Alerting with Problem Recognition.

• View Historical Data and Produce Highly Detailed Custom Reports about anything and everything on your network.

 

NETMON and Access 2 Networks (A2N) Sign new Distribution Agreement

NETMON and A2N sign new distribution Agreement Partnership that increases reach to Netmon Network Monitoring for Ontario MSP and enterprise IT clients.

 

WINDSOR, Canada – Nov 8, 2016 —  Netmon Inc., the provider of powerful and complete network monitoring solutions today announces a new distributor partnership with Access 2 Networks (A2N), a leading provider of Information Security Solutions in Canada.

Netmon combines the best in Network Monitoring tools with its proprietary Network Traffic Analysis engine in a highly intuitive administrative interface to provide a “2nd-to-none” complete monitoring and troubleshooting solution for System Administrators and IT Professionals.

Darin Barton CISSP CISA, Senior Account Executive at A2N stated, “As soon as we saw this monitoring solution we knew it was a winner. We’re extremely pleased with the solution, the partnership and the positive energy the Netmon team brings to the table.”

“We are excited about Access 2 Networks’ (A2N) experience and their relationships with their clients, providing unparalleled levels of service and support to the professional IT marketplace. We believe our combined partnership will help us reach wider audiences across Canada and are confident that Access 2 Networks (A2N) is the right exclusive distributor for Netmon in this expanding IT industry in Canada.” Eric Lamoureux - President and CEO of Netmon Inc.

ABOUT ACCESS 2 NETWORKS, INC. (A2N)

A2N, the leading provider of cyber security solutions in Toronto, Ontario, Canada since 1997, has built a reputation for expert consulting, strong partnerships and customer-centric services.  A2N offers end-to-end solutions that combine technology, services, support, and training; this unified approach enables organizations to enhance their IT security posture and remediate with confidence.

ABOUT NETMON INC.

Netmon Inc. was founded in Windsor, Ontario in 2007, specializing in the development and deployment of network monitoring and environmental monitoring solutions. Netmon gives IT administrators complete network visibility in an affordable, appliance-based networking monitoring software solution that is trusted globally by large and small organizations from an array of industries including military, financial, insurance and information technology firms.

 

Learn more today at http://netmon.com/ & http://a2n.net/

 

© 2015 Netmon Inc.  All rights reserved.

MEDIA CONTACT:

Eric Lamoureux
President and CEO of Netmon Inc.
Netmon Inc.
Phone: (800) 944-4511
633 Ouellette Ave, Suite 309, Windsor, ON Canada N9A 4J4
info@netmon.ca

More information about Netmon’s partner programme can be found at:
http://netmon.com/partner-program/

Monitoring Websites – Create Web Trackers

Create Web Trackers in Netmon

 

Have any of your websites or web applications gone down, been hacked, or defaced? When and how did you find out?

In this post, we will show you how Netmon monitors your websites (or web applications) in our complete Network Monitoring Solution.

The following types of monitoring take effect when you create a Web / URL tracker in Netmon:

  • ICMP / PING: provides latency and status (up / down).
  • Pattern Match: lets you select a string of text on your website / URL that Netmon checks for, to make sure that your site has not been defaced. It also covers the case where the server hosting your site is operational and responsive but the site itself is down or its content is not resolving.

Most importantly, when you create a Web / URL tracker you can create an email alert and be notified should any of the above trackers fail.

You can also run historical reports on your sites / URLs; for example: what was the latency for my website over the course of the week? What was the uptime of the website for the month?
 
 
web trackers 2

Adding A Web / URL Tracker in Netmon

 

When signed into your Netmon Device you will need to navigate to the Web Trackers tab:
Click Add Web Tracker

 
add web tracker
 

On the Add/Edit Web Tracker pop-up, fill in the fields below:

URL: The website URL that you want to monitor
Pattern to Match: A string of text on the URL page that Netmon will check for at every sample interval

Once your Web Tracker is created and Netmon has a chance to poll your new tracker and go through the pattern match, you will see a Status: Match like below:

 
web tracker match

 
Creating a Web / URL Tracker Alert

To create your Web Tracker alert click the alerts button on the right hand side of your created tracker and fill in the required fields as illustrated on right.

Should your website url or web application go down, be defaced or hacked you will be immediately notified so that you can take action and resolve the issue.
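The pattern-match poll described above, as an added Python example (not Netmon's code): it serves three constructed pages from a local test server and classifies each poll. Only the "Match" status comes from the post; the other status labels, the page contents and the function names are assumptions made for the illustration.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Constructed pages for the demo: path -> (HTTP status, body).
PAGES = {
    "/": (200, "<h1>Acme Widgets</h1><p>Order online today</p>"),
    "/defaced": (200, "<h1>Page replaced</h1>"),         # server up, content changed
    "/broken": (500, "<h1>Internal Server Error</h1>"),  # server up, site down
}


class _Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = PAGES.get(self.path, (404, "not found"))
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


# Ignore any proxy settings in the environment so the poll goes straight to the URL.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def poll(url, pattern, timeout=3.0, max_bytes=1_000_000):
    """One sample interval: fetch the URL and look for the expected text."""
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            text = resp.read(max_bytes).decode("utf-8", errors="replace")
    except urllib.error.HTTPError as exc:
        return f"HTTP {exc.code}"   # host answers, but the site returns an error
    except (urllib.error.URLError, OSError):
        return "Unreachable"        # nothing listening, or a timeout
    # A 200 response is not enough: the page must still carry the expected text.
    return "Match" if pattern in text else "No Match"


def demo():
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _Handler)
    base = f"http://127.0.0.1:{server.server_address[1]}"
    threading.Thread(target=server.serve_forever, daemon=True).start()
    pattern = "Order online today"
    try:
        results = {path: poll(base + path, pattern) for path in PAGES}
    finally:
        server.shutdown()
        server.server_close()
    # Poll once more after the listener is gone to show the unreachable case.
    results["(server stopped)"] = poll(base + "/", pattern)
    return results


if __name__ == "__main__":
    for target, status in demo().items():
        print(f"{target:18} {status}")
```

The "/defaced" case is the one a PING check alone cannot see: the host responds and the page returns 200, yet the expected text is gone.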

 
create alert

There are many more uses, configurations and examples of what can be done with Netmon’s Network Monitoring Solution. Please don’t hesitate to contact us should you have any questions.

You can also go to our demo where you can navigate through a live and working instance of netmon from our HQ, and finally, we can even do a phone and web session where we give you a full demo of the product.

Centralized SYSLOG and Windows Event Log

Configuring SYSLOG / Event Log on a Windows Device

 

Netmon’s complete Network Monitoring Solution can also be used as a centralized SYSLOG and Windows Event Log Server where you can quickly look through many Servers, Workstations or other Network devices’ SYSLOG and Event Log information without having to log into each individual device to see the same information.

Furthermore, with Netmon, you can create and generate email alerts based on any string of text pattern found within a specific event log, allowing you to be notified when that event occurs. This becomes very valuable if you know that a certain issue is recurring on a device and would like to catch it the next time it happens or if you simply want to be alerted when there are any issues on your network devices, including of course Windows Servers and workstations.

Unlike SYSLOG, Microsoft uses a different standard called Windows Event Logs. In order to import Windows Event Logs we have to install an agent on the Windows Server / Workstation in question which then will be pointed to your Netmon.

Download Windows Event Log Agent

Start by going to netmon.com/support/ and download the “SNARE Event Log Agent for Windows”.

You will now run the SNARE for Windows executable and run through the setup wizard

When presented with the Snare Auditing option as shown below, ensure the default option Yes is chosen to have Snare take control of your Event Log Configuration.

At the next screen leave the default option Use System Account as shown below.

download snare

 
Snare Auditing

 
Snare Account

 
You can now configure Remote Control of the SNARE application. We recommend Enabling Web Access, Disabling Password authentication & Local access only as shown below.

 
Remote Control Interface
 

You can now continue the installation by choosing the default options until the installation is complete.

 
After the installation has completed you can access the application by going to the start menu and looking for Intersect Alliance and choosing Snare for Windows.

 

snare for windows

 
You can also access Snare by going to http://localhost:6161 in your web browser.

Once you have access to Snare web interface you will want to navigate to the Network Configuration page.

Here you will configure Snare to send event logs to your Netmon device by filling in the below fields:

Destination Snare Server address:
Destination Port: 514
Enable SYSLOG Header?:
SYSLOG Priority: DYNAMIC

 
Snare Network Configuration

After configuration changes have been made, click Change Configuration. You also need to click Apply the Latest Audit Configuration on the left side of your screen to complete the configuration changes.

Next, choose Objective Configuration on the left side of your screen and apply the following changes:

Identify the high level events: Any event(s)
Identify the event types to be captured: Error, Warning & Critical
Identify the event logs: Application & System
Select the Alert Level: Critical

Snare filtering

After configuration changes have been made, click Change Configuration. You also need to click Apply the Latest Audit Configuration on the left side of your screen to complete the configuration changes.

You have now completed the Snare configuration and can now create the Netmon device to capture the syslog events.

After signing into your Netmon device, navigate to the Devices page and choose New Device. Fill in the fields and ensure the Enable Syslog option is checked. The Severity option you choose sets the minimum level: Netmon captures events at that severity and above.

Notice: you can filter which event logs are imported into Netmon by minimum “severity” or “security” level. If you don’t care about “Info” event logs, for example, you can ignore them and import only “warning” and above.

Now, when viewing the newly created device you can choose the Event Log tab in the device dashboard and see the syslog events that the Netmon is now capturing.

 
syslog in netmon
 

With Netmon you will be able to quickly browse through many Servers’, Workstations’ and other devices’ event logs all in one centralized platform.

 
add device syslog

syslog event log

 
Lastly, now that netmon is capturing these event logs, you can also create alerts based on events and text patterns by choosing the Manage Alerts button under the Event Logs Tab.
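How a minimum-severity filter and a text-pattern alert behave on incoming syslog lines, as an added Python example (not Netmon's or Snare's code). The sample lines are constructed and only approximate what an agent sends to port 514; the function names are assumptions.

```python
import re

# Syslog severities, most severe first (list index == numeric severity).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]
PRI = re.compile(r"<(\d{1,3})>(.*)", re.S)

# Constructed sample lines, as a collector on UDP 514 might receive them.
SAMPLE = [
    "<14>Jan 15 08:00:01 FILESRV01 Service Control Manager: Print Spooler entered the running state",
    "<12>Jan 15 08:02:10 FILESRV01 Disk: The device \\Device\\Harddisk1 has a bad block",
    "<11>Jan 15 08:03:44 APPSRV02 Application Error: Faulting application name: backup.exe",
    "<10>Jan 15 08:04:00 APPSRV02 Kernel-Power: The system has rebooted without cleanly shutting down first",
    "Jan 15 08:05:00 no priority header on this line",
    "<999>Jan 15 08:06:00 priority value out of range",
]


def decode(line):
    """Split the <PRI> header into facility and severity; None if it is invalid."""
    m = PRI.match(line)
    if m is None or int(m.group(1)) > 191:  # highest valid value: facility 23, severity 7
        return None
    value = int(m.group(1))
    return {"facility": value >> 3, "severity": value & 7, "text": m.group(2)}


def triage(lines, minimum="warning", alert_patterns=()):
    """Keep events at `minimum` severity or worse and raise pattern alerts on them."""
    threshold = SEVERITIES.index(minimum)
    stored, alerts, malformed = [], [], 0
    for line in lines:
        event = decode(line)
        if event is None:
            malformed += 1          # count it; silently dropping hides a broken sender
            continue
        # "warning and above" means numerically <= 4: lower numbers are more severe.
        if event["severity"] > threshold:
            continue
        stored.append(event)
        for pattern in alert_patterns:
            if pattern.lower() in event["text"].lower():
                alerts.append((pattern, SEVERITIES[event["severity"]], event["text"]))
    return stored, alerts, malformed


if __name__ == "__main__":
    stored, alerts, malformed = triage(SAMPLE, "warning", ["faulting application"])
    for e in stored:
        print(SEVERITIES[e["severity"]].upper(), e["text"])
    print("alerts:", alerts)
    print("malformed lines:", malformed)
```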

 
add syslog alerts


Monitoring Cisco Devices on your Network with Netmon

Cisco Network Devices

 
We feel that it is crucial for any Sysadmin or IT professional to have quick access to, and information about any given networked device in their environment.

Having a centralized platform where you can get specific details about each monitored device greatly reduces troubleshooting time, because you can quickly get critical information about a device or even find the malfunctioning one. We will focus on Cisco devices for this post and on what type of information is available to users.

In Netmon we have created dashboards for Cisco and other specific (the most popular and common) manufacturers so that when a device is added, it automatically polls “dashboard” or preset trackers. Additional trackers can be added to the dashboard using SNMP walk.

Netmon utilizes several industry standard technologies, including PING / ICMP, SNMP and NetFlow, that come into play when talking about Cisco devices (you will have to have SNMP enabled on the Cisco device before you can add the device into Netmon).

 
We will take a look at:

• Cisco Firewalls
• Cisco Routers
• Cisco Switches
• Cisco APs

The dashboards will look very similar for the family of Cisco devices, with a few notable differences that we will point out.

When adding a new device in Netmon you will need to enter the device’s information such as IP address and SNMP configurations, polling interval, etc.

Cisco Add Device

Cisco Switches

 
Here is what the default dashboard looks like for a Cisco switch, in this case a 2901.

 
Cisco Switch Dashboard

 

You will notice that this dashboard provides you with crucial system information about the switch including its CPU % utilization, System Uptime, Description, etc. You can quickly identify and establish the status of the switch including the load it’s experiencing on a 5 second, 1 minute, and 15 minute average. This would quickly tell you if the switch is overloaded.

The information you are seeing is real time, or rather, last-poll data: if your interval is set to 3 minutes, the data is at most 3 minutes old (that is our default log level for regular monitored devices).

If you require additional information on the dashboard that is accessible through SNMP on your device, you can add it by running an SNMP walk and choosing to “graph / log” the OID tracker you wish to add.

In order to track any of these items on the dashboard historically (rather than view the last poll, for reporting purposes) you can create a tracker out of any of these items that are listed on this dashboard. This will give you the ability to run a historical report - for example, what was my CPU % utilization for this device last week?

Cisco CPU Percent Utilization Last week

Because this is a switch, we are going to be interested in the network interfaces that are on this switch - navigate to the “Network” tab in the device’s dashboard.

On the right hand side of this tab you will see every single interface, physical or virtual, along with the bandwidth in and out as well as what is connected in that specific interface (this will either display as a resolved name, IP or MAC address). These fields can be renamed and customized to your liking.

As mentioned above, this is real-time (last poll data) and in order to track bandwidth utilization across one of these interfaces, you simply create a tracker and tell it to “graph / log results”. We will come back to this in the firewall section a little further down this post.

Cisco Switch Dashboard

On the left hand side you will find PING / ICMP and TCP trackers and just below it you will find Bandwidth trackers. Again, once a tracker is created it gets stored in Netmon and you are able to run historical reports for any given timeframe.

 

Cisco Network Services

Cisco Firewalls (ASA in this example)

 
Most of the dashboards for the Cisco devices look very similar to each other in terms of the information they provide, with the exception of a few added features depending on the device in question. For Cisco firewalls, for example, a little more information is available on the dashboard: they add % RAM used and give us VPN Session information right on the main dashboard. This is very useful if you need to see what’s configured and who’s actively connected.

Cisco ASA Dashboard

Cisco VPN Sessions

As mentioned above for switches, when we go to the Network tab of the firewall we can access all our bandwidth trackers and PING / ICMP trackers.

It is great seeing everything in real time and being able to report on these parameters, especially bandwidth on a Cisco ASA, since this is where our Internet connections are distributed and monitored. Beyond that, for every tracker that is created we can create alerts to notify us if, for example:

• The device is unresponsive (PING / ICMP tracker)
• Bandwidth utilization for our internet connection reaches 80%
• The CPU % utilization of the device exceeds 90%
• Etc.

Cisco ASA Network Tab

Cisco Wireless Access Points

 
Cisco WAPs will once again give us more or less the same information as well as the addition of specific Device Information - Radio, Client and SSID broadcast. This lets you easily identify what group / mesh and location this WAP belongs to.

 

Cisco WAP Dashboard

 

Cisco Routers

 
Again, more of the same information can be obtained, tracked and reported on, with a very similar look so that everything is quickly and easily accessible for information gathering, troubleshooting or checking up on. From here you can create parameters and thresholds and be alerted to anything that exceeds these thresholds. You can even import SYSLOG information into Netmon for each device so that it is also accessible, reviewable and, of course, can be alerted on.

Each device dashboard also contains a “notes” section where you can log any events or information about this device in text form.

 
 
Cisco Notes

 

Netmon – the All-In-One Real Time Network Monitoring Solution for Your Business

 

[ ORIGINAL ARTICLE posted on MarketWired.com | January 15, 2016 08:00 ET | http://www.marketwired.com/press-release/netmon-the-all-in-one-real-time-network-monitoring-solution-for-your-business-2088460.htm]
WINDSOR, ONTARIO--(Marketwired - Jan. 15, 2016) - Monitor your network environment, infrastructure and traffic with a SINGLE and POWERFUL SOLUTION. Netmon offers the most reliable all-in-one hardware and software solution when it comes to identification and resolution of network infrastructure issues in real time, as well as troubleshooting any network related problems with a comprehensive alert system that can be tailored to suit specific needs. Regardless of the problem, from server issues to network performance and accessibility, Netmon offers users a variety of tools and features including uninterrupted real time traffic analysis and network monitoring.

This powerhouse network monitoring system sets the industry standard with its application flexibility and tools like real time traffic analysis, which allows users to analyze and pinpoint the source, destination and type of traffic going across the network, as well as network monitoring tools which allows the users to monitor physical network infrastructure performance. These impressive features allow users to get issues resolved faster by saving time and money on troubleshooting.

Netmon helps professionals stay on top of things with unparalleled efficiency and effectiveness by giving the user control of what information is seen and when it's relevant. Other benefits include user notifications for any configured or set parameters, SYSLOG / Event Log monitoring, extensive historical reporting and analysis, website defacing detection and multi-site location monitoring.

Netmon is dedicated to staying ahead of the curve. They set the benchmark for their competitors by offering real time traffic analysis along with the inclusion of a comprehensive user alert system that is completely customizable. This is why they are the only company that can offer an all-in-one software and hardware and continually develop and improve the product to keep with modern standards.

For professionals who choose Netmon, real time monitoring technology makes it possible to monitor all aspects of your environment, including CPU and RAM utilization on servers, firewalls, switches and routers all in one centralized platform with detailed reports that are just one click away. Comprehensive alerts, in-depth analysis and reporting allow users to narrow in to specific areas for detailed and targeted analysis and troubleshooting.

Security features like the ability to run port scans on any target host and display their current open ports, recently discovered host alerts, and an integrated web tracker service for tracking site hacking and accessibility are also included.

Netmon Inc. specializes in real time network traffic analysis and network monitoring solutions. Netmon's development for the past 10 years has allowed them to become a global leader in the industry as the only company to offer a fully-featured all-in-one network monitoring system backed all around the world by government agencies, large corporations as well as local small businesses alike. netmon.com

To view the video associated with this release, please visit the following link: https://www.youtube.com/watch?v=rV3ukgaO4Ik.

 

CONTACT INFORMATION

Netmon Inc.
1-800-944-4511
info@netmon.com
www.netmon.com

--

ABOUT NETMON INC.

Netmon Inc. was founded in Windsor, Ontario in 2007, specializing in the development and deployment of network monitoring and environmental monitoring solutions. Netmon gives IT administrators complete network visibility in an affordable, appliance-based networking monitoring software solution that is trusted globally by large and small organizations from an array of industries including: military, financial, insurance and information technology firms.

How to configure SNMP on Debian

This is a fairly straightforward guide to configuring SNMP on Debian operating systems.

Warning: Configuration of your linux server is your responsibility. Please don’t damage your linux servers.

Download SNMPd

SNMPd is not installed by default. You must first install snmpd.

apt-get update; apt-get install snmpd

You should see many lines:

The following NEW packages will be installed:
libsensors4 libsnmp-base libsnmp15 snmpd
0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded.
Need to get 1,659 kB of archives.
After this operation, 4,210 kB of additional disk space will be used.
Do you want to continue [Y/n]?

Just hit Enter. It will download and install snmp; when this is done, continue with the configuration below.

Configure SNMP on Debian

Open the configuration file:

nano /etc/snmp/snmpd.conf

The first thing to change will be at the top of the configuration file.

# AGENT BEHAVIOUR
#

# Listen for connections from the local system only
#agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161

You are changing two things here. By default the file contains:

agentAddress udp:127.0.0.1:161
#agentAddress udp:161,udp6:[::1]:161

Comment out the first line and uncomment the second so that the section matches the listing above.

Further down the configuration file you can add the following.

Add the following for your internal ip addresses:

rocommunity secret 10.0.0.0/8
rocommunity secret 172.16.0.0/12
rocommunity secret 192.168.0.0/16

Press ctrl+x to exit. Type y to save, and press Enter for the file name.

Restart the SNMP agent:

/etc/init.d/snmpd restart
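A check worth running on the edited file before relying on it, as an added Python example (not part of the original post or of Net-SNMP): it flags listeners beyond loopback, default community strings, communities with no source restriction, and source ranges that fall outside private address space, such as a mistyped octet. The sample configuration and the finding names are constructed for the illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_COMMUNITIES = {"public", "private"}
LOOPBACK_HINTS = ("127.0.0.1", "[::1]", "localhost")  # simple heuristic

# Constructed sample: one range has a mistyped octet, one community is wide open.
SAMPLE_CONF = """\
# constructed sample for the audit below
agentAddress udp:161,udp6:[::1]:161
rocommunity secret 10.0.0.0/8
rocommunity secret 172.16.0.0/12
rocommunity secret 192.186.0.0/16
rocommunity public
"""


def audit(conf_text):
    """Return a list of (line number, finding, detail) for an snmpd.conf text."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directive, *args = line.split()
        key = directive.lower()
        if key == "agentaddress":
            for spec in ",".join(args).split(","):
                if spec and not any(h in spec for h in LOOPBACK_HINTS):
                    # Expected when a remote poller must reach the agent, but it
                    # makes the community/source rules the only access control.
                    findings.append((lineno, "network-listener", spec))
        elif key in ("rocommunity", "rwcommunity") and args:
            community = args[0]
            source = args[1] if len(args) > 1 else None
            if key == "rwcommunity":
                findings.append((lineno, "write-community", community))
            if community in DEFAULT_COMMUNITIES:
                findings.append((lineno, "default-community", community))
            if source is None or source == "default":
                findings.append((lineno, "no-source-restriction", community))
                continue
            try:
                net = ipaddress.ip_network(source, strict=False)
            except ValueError:
                findings.append((lineno, "unparsable-source", source))
                continue
            if not (net.version == 4 and any(net.subnet_of(r) for r in RFC1918)):
                findings.append((lineno, "non-private-source", source))
    return findings


if __name__ == "__main__":
    for lineno, finding, detail in audit(SAMPLE_CONF):
        print(f"line {lineno}: {finding}: {detail}")
```

To check a real file, pass the contents of /etc/snmp/snmpd.conf to audit().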

This should be all you need to do in most cases. Now from Netmon add your server:


How to configure Netflow on a Cisco device for Netmon

Warning: Configuration of the Cisco device is your responsibility and you can potentially do damage to your device, so please make backups of your router before making any changes. Commands can vary with different versions of Cisco firmware.

Why NetFlow?

The traditional way is to mirror all traffic in its entirety on your switch for analysis. This requires an interface capable of speeds equivalent of the traffic you wish to monitor. NetFlow (and similar protocols) instead summarize and break traffic down for analysis resulting in much less data required.

In this blog I will set up NetFlow on a Cisco 2901 and configure it to export NetFlow in a very basic way (no security) to provide Netmon a remote view of a network at another location – on the other side of an internet connection.

These are the commands that will be used:

snmp-server community public RO
ip flow-cache timeout active 1
ip flow-export source Vlan1
ip flow-export version 5
ip flow-export destination 10.10.1.50 9996
ip flow ingress
ip flow egress

 

How to configure Netflow

Let me show you where to put them. First elevate your privileges to configure the router.

 Cisco2901(config)#

 # snmp-server community public RO

This enables the SNMP community string of ‘public’ and is Read Only. If you have already done this you can skip this step.

 # ip flow-cache timeout active 1

This breaks up the NetFlow traffic into 1 minute blocks.

# ip flow-export source Vlan1

Vlan1 holds the IP address under which the device has been configured in Netmon. In my case this IP address is 10.66.0.2, so the device in Netmon is configured as 10.66.0.2.

 # ip flow-export version 5

Netflow version 5 is the most common version of NetFlow used by many manufacturers of routers.

 # ip flow-export destination 10.10.1.50 9996

10.10.1.50 is the private ip address of http://demo.netmon.ca and 9996 is the default port Netmon uses for NetFlow traffic.

User ID: demo
Password: demo742

 Next I have to decide which interface I wish to monitor. I could choose multiple. In my case I have Vlan 111 as a collector MPLS interface which represents all traffic for this network.

# interface Vlan111

 Cisco2901(config-if)#

 # ip flow ingress

# ip flow egress

 Cisco2901(config-if)#

*Hold Control + Z*

 Cisco2901# write mem

Everything is done on the Cisco Router. We move on to Netmon. Navigate to the ‘Devices’ tab of Netmon and click on “New Device”

Add/remove netflow device for cisco on netmon

 

Enter the IP address we chose as the source (Vlan 1) and the Read Only SNMP community string, which I configured as ‘public’.

 

cisco device dashboard netmon 6.0

 Click on the Network tab.

On the right side find the interface you are looking to view.

 

netflow device dashboard netmon 6.0

 

If you click on the interface here you will see a new window.

 

add-edit interface device dashboard netmon 6.0

 You can name this interface whatever you like. I select all 3 boxes.

 

netflow data graph dashboard netmon 6.0

 

You now know how to configure netflow on a Cisco device for Netmon. In a few minutes a graph on the front page will start populating. As it fills in you will see the breakdown of remote traffic summarized by NetFlow.

 

configure netflow on a cisco device data graph

 

If we take a look at the impact of NetFlow on the internet connection we see that it averages around 400 kbps. A common 5mbit/1mbit DSL connection can handle this traffic. Compare that to the traditional method of simply mirroring traffic, which would not be possible here: as seen in the previous graph, traffic is spiking up to 60.23 Mbps.
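What the router exports after "ip flow-export version 5", seen from the collector side, as an added Python example (not Netmon's code). It decodes NetFlow v5 datagrams, accepts them only from the configured exporter address (10.66.0.2 in the post), and uses the header's flow sequence to count flows lost in transit. The datagrams and flow values are constructed, and the function names are assumptions.

```python
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte v5 flow record
MAX_RECORDS = 30                                     # v5 limit per datagram
EXPORTER = "10.66.0.2"                               # Vlan1 source address in the post


def parse_v5(datagram):
    """Validate one export datagram and return (header dict, list of flow dicts)."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the v5 header")
    version, count, _up, secs, _ns, sequence, _et, _eid, _samp = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"record count {count} out of range")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": str(ipaddress.IPv4Address(f[0])),
                      "dst": str(ipaddress.IPv4Address(f[1])),
                      "packets": f[5], "octets": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[12]})
    return {"sequence": sequence, "count": count, "unix_secs": secs}, flows


def collect(packets, allowed_exporters):
    """packets: iterable of (sender_ip, datagram). Returns (octets per conversation, stats)."""
    talkers, stats, next_seq = Counter(), Counter(), {}
    for sender, datagram in packets:
        # v5 has no authentication. UDP sources can be spoofed, so this is a
        # filter against stray exporters, not proof of origin.
        if sender not in allowed_exporters:
            stats["dropped_unknown_exporter"] += 1
            continue
        try:
            header, flows = parse_v5(datagram)
        except ValueError:
            stats["dropped_malformed"] += 1
            continue
        expected = next_seq.get(sender)
        if expected is not None and header["sequence"] != expected:
            stats["lost_flows"] += (header["sequence"] - expected) & 0xFFFFFFFF
        next_seq[sender] = (header["sequence"] + header["count"]) & 0xFFFFFFFF
        for f in flows:
            talkers[(f["src"], f["dst"], f["proto"], f["dport"])] += f["octets"]
        stats["flows"] += len(flows)
    return talkers, stats


def build_v5(sequence, flows, unix_secs=1452844800):
    """Build a constructed v5 datagram for the demo (not captured traffic)."""
    out = HEADER.pack(5, len(flows), 60000, unix_secs, 0, sequence, 0, 0, 0)
    for src, dst, sport, dport, proto, pkts, octets in flows:
        out += RECORD.pack(ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed, bytes(4),
                           1, 2, pkts, octets, 1000, 59000,
                           sport, dport, 0x18, proto, 0, 0, 0, 24, 24)
    return out


def demo():
    d1 = build_v5(100, [("10.66.0.20", "192.0.2.10", 51000, 443, 6, 40, 52000),
                        ("10.66.0.21", "192.0.2.53", 53000, 53, 17, 2, 180)])
    d2 = build_v5(105, [("10.66.0.20", "192.0.2.10", 51000, 443, 6, 10, 8000)])
    packets = [(EXPORTER, d1), (EXPORTER, d2),   # sequence jumps 102 -> 105
               ("203.0.113.9", d1),              # not the configured exporter
               (EXPORTER, d1[:-1])]              # truncated datagram
    return collect(packets, {EXPORTER})


if __name__ == "__main__":
    talkers, stats = demo()
    for conversation, octets in talkers.most_common():
        print(conversation, octets)
    print(dict(stats))
```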