Configuring Flow Exporters

Network devices and services should be correctly configured to provide statistics about the packets flowing through them. NetFlow capture and export are performed and configured independently on different network items. The configuration procedures differ significantly for various types of devices and collector services. Here we offer just few entry points for some of the most widely used types of devices and services. Refer to your device/service documentation for detailed usage and configuration instructions.

Cisco Devices

For information about configuring NetFlow on Cisco devices refer to documents you can find on official website (www.cisco.com); a good starting point is Configuring NetFlow and NetFlow Data Export.

Other Vendors

There are other vendors who produce network device supporting NetFlow including 3Com (HP Networking), Enterasys Networks, Extreme Networks, Juniper Networks and some others. Refer to a particular vendor's documentation for details of NetFlow configuration.

Software Exporters

Not all network devices support NetFlow. If none of your switches or routers support NetFlow or one of its "kindred" protocols you can use software exporters.

For example, if you have a switch supporting port mirroring/SPAN, you can configure it to send a copy of network packets to a certain network location. It can be, for example, a computer running a software exporter on attached to the mirror port.

Alternatively, if your switch does not allow to mirror your traffic, you can still monitor NetFlow data by using a hub (not a switch) to make your network packets reach a software exporter. For example, having a hub between your external router and your backbone equipment, all the traffic that flows through the link will be available for the software exporter attached to that hub.

There is a number of proprietary and free software NetFlow exporters:

  • fprobe: a free tool based on libpcap, a portable C/C++ library for network traffic capture; fprobe can be compiled for any POSIX-compatible OS (Linux/BSD/Unix-like).
  • nProbe: a commercial product by nTop able to play roles of exporter and collector; there is a free version for no profit institutions and universities; available on Unix (including MacOS X and Solaris), Windows, and embedded environments.
  • ng_netflow: implements NetFlow protocol on FreeBSD; free.
  • NDSAD: a free exporter for BSD and POSIX platforms (based on libpcap library), and Windows (winpcap-based).

Was this page helpful?