Long ago I had mailed about netflow.
I am still not done learning it.
But I will cover the basics which I know.
Netflow is a traffic monitoring technology useful for figuring out how
your local network is being used.
It is a Cisco standard, it is free and v9 is the latest release.
There is also an IPFIX standard but netflow is free, and plenty of
open source tools
like nProbe, ntop and fProbe are available.
I believe MRTG does not use it though.
Basically it works using the premise that you need a sensor or probe to
collect the flows, sense the traffic.
Then you need a collector to receive these flows collected by the probe/sensor
using UDP either on same machine or different machine.
The collector then writes the flow records into the hard disk.
You can then interpret these binary files and draw a graph or simply
inspect using the text output.
I basically use 3 tools in OpenBSD to do this.
$ softflowd probe/sensor
flowd to collect flows and write to disk
flowd-reader to dump the binary flows into text output
It gives you all the TCP, UDP and ICMP , even raw IP flows telling you
the source and destination IP,port etc.
But it does not give you packet decodes like tcpdump.
-Girish
--
Gayatri Hitech
http://gayatri-hitech.com