This Quick Start guide will help you to start using the blësk Network Traffic Analyzer (NTA) after installing the blësk Network Monitoring system.
¶ Initial Configuration
Network Traffic Analyzer only monitors what it sees from its own physical connection to the network, or what it is told by a NetFlow or sFlow probe or meter. The options for feeding data to NTA are as follows. You must choose one or more methods and implement them in order for NTA to correctly see traffic on your network.
Use port mirroring: Some switches have a feature that allows the administrator to configure the switch so that all traffic that comes in or goes out on a set of ports is also copied and sent to another port. This mirrored port is then connected to the blësk server. The network card connected to the mirrored port doesn't require an IP address. You will just need to make sure that it comes up during start-up.
Use NetFlow Probes: NetFlow is a Cisco technology that has been adopted by the industry. A NetFlow probe aggregates flow and can send them to a flow collector for analysis. blësk is a NetFlow collector.
For best results, NetFlow probes should be placed at aggregation points i.e. on the LAN side of all access layer routers, or alternatively on the internal interface of the Internet router.
The procedures and commands differ for different vendors but essentially you will need to specify the NetFlow version number, the IP address of the NetFlow collector [which in our case is your blësk server] and the port on which the collector is listening (typically 2055).
Use sFlow Probe: sFlow is a more standards-compliant alternative to NetFlow which is capable of monitoring gigabit-capable links. blësk is also a fully capable sFlow collector.
The procedures and commands differ for different vendors but essentially you will need to specify the IP address of the sFlow collector [which in our case is your blësk server] and the port on which the collector is listening (typically 6343). Needless to say, the IP address of your blësk server should be reachable from the NetFlow/sFlow device.
Use bProbe: bProbe is a network probe that is configured to run in packet logger mode. It can be installed on a pc and inserted at a key juncture in a network to monitor and collect network activity data. The data collected is sent to a central “receiver” server (in this case, blësk).
For bProbe to be used with blësk, your NTA should be configured as a NetFlow collector because bProbe use the NetFlow protocol to send captured data to blësk
¶ Using NTA as a NetFlow Collector
To achieve this, you need to do the following:
Configure the NetFlow probe to send its flow information to NTA. The procedure differs from one vendor to another. Here is the procedure for some of them:
Configuring-NetFlow-on-Network-Devices
¶ Using NTA as a sFlow Collector
To achieve this, you need to do the following:
Configure the sFlow probe to send its flow information to NTA. The procedure differs from one vendor to another. Here is the procedure for some of them:
Configuring-sFlow-on-Network-Devices
List of devices compatible with sFlow