RE: bandwidth monitoring based on destination IP address

["Omar Khawaja" <omarkhawaja () yahoo com>]

> From what I can tell Netflow will not work with the Cisco PIX or a Cisco
Catalyst switch (except for 6500). Can I use SPAN on a cisco switch to
mirror all the traffic to the server running NTOP, since I can't use
netflow? Thanks.


__
Omar Khawaja

-----Original Message-----
From: Shawn Wall [mailto:sjwall () shaw ca] 
Sent: Monday, January 31, 2005 4:59 PM
To: 'Omar Khawaja'; security-basics () securityfocus com
Subject: RE: bandwidth monitoring based on destination IP address

NTOP is an excellent opensoucre solution. I use it to monitor traffic via
netflow from a Cisco router. See http://www.ntop.org/ntop.html.

HTH

shawn 

-----Original Message-----
From: Omar Khawaja [mailto:omarkhawaja () yahoo com] 
Sent: Friday, January 28, 2005 2:24 PM
To: security-basics () securityfocus com
Subject: bandwidth monitoring based on destination IP address

Hi,

I have a customer who wants to monitor his      bandwidth based on
destination IP - ideally I would have liked to use MRTG (free, easy to set
up, works well), but am not sure if MRTG can pull data off a Cisco router /
PIX firewall via SNMP that will breakdown the usage based on L3 destination.
I figured if nothing else works, I could use brute force - sniff all the
traffic and filter based on destination IP and packet size - somehow, that
doesn't seem like it would be too much fun. I was hoping, with the wealth of
experience and knowledge in this group, someone would have a more civil
solution to this. Thanks

__
Omar Khawaja, CISSP