Compiling ntop on Windows

Recently, I had the need to get a NetFlow collector up rather quickly. There were a couple of old circuits that we were in the process of replacing on some remote routers, and I needed to know what traffic was still going across them. Most of the traffic was already going across the replacement circuits; it was some one-off host systems whose routing was different for various reasons. Before the old T1s could be disconnected, the oddball conversations needed to be identified and fixed.

NetFlow is probably the best method of determining end-to-end traffic flows. NetFlow does not have the requirements that traditional sniffer traces typically have. The device that is exporting NetFlow data does all the work. Every time a new conversation is initiated or closed between two systems, NetFlow data is generated. The exporting device (router, switch, etc.) then sends the conversation information to a NetFlow collector. ntop has a plug-in that works as the collector.

About ntop:

ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to run on virtually every Unix platform and on Win32 as well.

ntop users can use a web browser to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface.

The author of ntop has licensed this program as open source and provides compiled binaries for different Unix platforms. However, for the Windows platform, it is encouraged to submit a donation to obtain a fully functional copy of the Windows version. Otherwise, you can download a Windows binary (demonstration version) that is very limited in the amount of traffic it will report on.

Since the software is open source, it is possible to compile it yourself. However, to compile on Windows, you need Microsoft Visual C++ 6.0. There is one other alternative for whipping out a fully functional Windows binary yourself, which is the point of this article.

An open source Windows C++ compiler exists called MinGW. At some point, ntop could be compiled using MinGW along with some other tools. As ntop continued to develop, the compile process broke using MinGW. Admittedly, I wouldn’t have been in any hurry to fix this either if I was the author. I am one of the biggest proponents of Open Source that you will find, but I also agree that open source project owners should have revenue opportunities that provide them income for their efforts.

One of the greatest things about Open Source software is that you are allowed to take the available source and change it any way you want, as long as you make your changes available back to the community for others to benefit from.

One person has done just that, but made it available as a separate distribution. Most of the time in the open source world, user contributions are merged back into the original source by the project owner. In this case, for various reasons I’m sure, it was not integrated into the project. The MinGW-compatible sources are available as a separate download which is documented here.

Included in this archive are some very well documented instructions on how to compile using MinGW. I went through this process in less than an hour and had it up and running on a Windows 2003 server.

In a separate post, I will publish my spin on the compile instructions, which should allow you to get up and running in less than 30 minutes.
