Network Monitoring & Management


Monday, August 07, 2006

Monitor your network traffic using NetFlow enabled monitoring tools

This article provides information on how to monitor your network traffic going through interface using various Cisco NetFlow based monitoring tools available freeware and commercial versions.
This image gives the rough view of whole setup

1) What is NetFlow
2) NetFlow traffic converter
3) NetFlow collection engines and analyzers

1) What is NetFlow

NetFlow is a proprietary Cisco protocol, and all current Cisco routers and switches support this protocol. These devices record all traffic that traverses the network links and send detailed information concerning that traffic to a NetFlow collector using UDP packets.

NetFlow is the new standard for network traffic analysis; SNMP management just isn't sufficient anymore. Using NetFlow, you can see the utilization on a router—as well as the traffic that's causing the utilization.

According to Cisco a network flow is identified as a unidirectional stream of packets between a given source and destination—both are defined by a network-layer IP address and by transport-layer source and destination port numbers. Specifically, a flow is identified as the combination of the following key fields:

•Source IP address
•Destination IP address
•Source port number
•Destination port number
•Layer 3 protocol type
•Type of service (ToS)
•Input logical interface

These seven key fields define a unique flow. If a packet has one key field different from another packet, it is considered to belong to another flow. A flow might contain other accounting fields (such as the AS number in the NetFlow export Version 5 flow format) that depend on the export record version that you configure.
Version 5 and 9 are most versions of NetFlow. NetFlow v7 is used for switching information.

2) NetFlow traffic converter
NDSAD (NetUP Data Stream Accounting Daemon) by NetUP is a daemon who intercepts all traffic going in the network and exports statistics into the NetFlow v.5 format in real-time. It is compatible with any traffic accounting system which supports Netflow protocol and is freeware!
Here is NDSAD home page
NDSAD has been tested on Linux, FreeBSD, SPARC Solaris and Win32. and available on it’s Sourceforge project page

3) NetFlow collection engines and analyzers

To collect and analyze NetFlow stream, collection engine and a analyzer is required. Some popular freeware and commertial tools are given below

Cisco NetFlow collection engine and analyzer
Platform: HPUX, Solaris, Linux

FLOWD ( Freeware collection engine )
Platform: Solaris 9, Linux FC2, Linux RH9, FreeBSD 3.5+

FlowScane ( Analyzer only )
Platform: Linux, Unix

PRTG( Freeware, Analyzer only)
Platform: Windows 98/ME/2000/XP/2003
Deepesh Goud 12:56 AM | 9 comments | | Permalink

Wednesday, August 02, 2006

How to get Cisco running configuration using SNMP++ 3.x and VC++ MFC

The essential part of this code is SNMP++ library and TFTP server.
You can download SNMP++ form following link

Or if you want compiled version for VC++ 6.0 send me an email

A free ware TFTP Server is here

//Assuming you are using MFC

//Put Snmp::socket_startup(); in your applications InitInstance

//Function parameters
//cro Read-only community
//crw Read-write community
//ciscoIP ip-address of Cisco router
//tftpServer ip-address of tftpserver
//destFile Destination file name for running configuration

//First include snmp++ header file
#include "include/snmp_pp.h"

//returns 0 if fails oterwise +ve value

int YourClass::GetConfig(CString cro, CString crw,CString ciscoIP,CString tftpServer,CString destFile)

int status;
Snmp* snmp = new Snmp(status,8161);

if(snmp == NULL)
AfxMessageBox("Snmp object creation failed !");

if( status != SNMP_CLASS_SUCCESS)

snmp_version version = version2c; // or version1

UdpAddress address(ciscoIP); // Address of your Cisco router
unsigned short port = 161; //UDP SNMP port

//Setting Values
CTarget ctarget(address);

Pdu pdu;
//pdu = new Pdu();

Vb vb;

CString oidTFTPserver;


pdu += vb;

status = snmp->set(pdu,ctarget);

if(status != SNMP_CLASS_SUCCESS)
CString msg_err;



Deepesh Goud 11:13 PM | 0 comments | | Permalink