VNT Help Center

Capture Options

VNT supports the following options for capturing network traffic:

  1. VMWare environment | Netflow
    Available with VMware VSphere Enterprise Plus, configured in the Virtual Distributed Switch level. 

    1. Configure NetFlow collection in VMware VSphere
    2. Direct the NetFlow output to VNT Server (which includes a sensor)
    3. Firewall configuration: NetFlow traffic should be able to reach the VNT Server.
      The NetFlow traffic arrives as UDP traffic originating from each of the ESX Servers’ management IP addresses, so the rules should cover all ESX Servers management IP addresses as sources.

      The target port can be any available port number.
    4. Define the sensor in the VNT GUI

  2. VMWare environment | promiscuous mode
    Deploying VNT’s Virtual Sensor Appliance to the ESX Server and configuring the Sensor Appliance to work in promiscuous mode.

    1. Deploy a Sensor Virtual Appliance to each ESX Server you want to get traffic for.
    2. Set up each Sensor Virtual Appliance VM to view traffic in promiscuous mode (setup details in Configuring a vSwitch with promiscuous mode).
    3. Firewall configuration: VNT Server should connect to the VNT Sensors – TCP port 9545 (by default).
    4. Define the sensors in the VNT GUI.

  3. Physical servers | Netflow
    Configured in the router or the switch and directed to a VNT Sensor.

    1. Verify a VNT sensor is installed and configured.
    2. Configure the router or the switch to send Netflow data to the VNT sensor.

  4. Physical servers | Host sFlow
    Install the Host sFlow agent on any server to collect utilization information and network traffic (currently not supported on Windows). See the Host sFlow website for details: sflow.net 

    1. Verify a VNT sensor is installed and configured.
    2. Configure the collector address for the Host sFlow agent to the VNT sensor.

      See also Recommended sFlow settings.

  5. Physical servers | Port mirroring/tap
    Connecting the VNT Sensors to mirror ports on network switches or to TAP devices.

    1. Prepare a server for the VNT Sensor – either Windows or Linux, can be physical or virtual.
    2. Direct the mirrored traffic to the VNT Sensor.
    3. Firewall configuration: VNT Server should connect to the VNT Sensors – TCP port 9545 (by default).
    4. Define the sensor in the VNT GUI.

  6. Physical servers |local mode
    Installing Sensors on specific servers (physical or virtual). The installation is simple and does not require restarting the server.

    1. Install a sensor on the relevant servers – from which traffic should be captured.
    2. Firewall configuration (where applicable): VNT Server should connect to the VNT Sensors – TCP port 9545 (by default).
    3. Define the sensors in the VNT GUI.

  7. Hyper-V | port mirroring
    Connect the VNT sensors to mirror ports on network switches.

  8. Hyper-V | sFlow
    Use the VNT software extension to the Hyper-V switch, which exports network traffic statistics from Hyper-V hypervisor in sFlow format.
    Follow the steps in Hyper-V sFlow Configuration.

For non-heterogeneous environments, use multiple options. VNT will combine the data in the system.

Was this article helpful?
0 out of 0 found this helpful

Comments