I have a Cisco 6500 switch that I want to capture all vlan8 traffic incoming and outgoing. I talked with my networking group and they set me up with the following commands. (May not be exact commands but this was an example I gave them)
ip flow-export version
ip flow-export destination
ip flow ingress
I am currently capturing this data using Ntop and we are getting a lot of traffic. I see all incoming and outgoing traffic from all vlan8 machines (192.168.8.0/24). However for any machine that is not in vlan8, but is talking to vlan8, I only see the received traffic from them.
Ex. 192.168.8.10 goes to a website on 192.168.9.20
I only see received traffic from the 192.168.9.20 machine and no sent traffic. Obviously it has sent traffic because 192.168.8.10 received the website.
I just wanted to verify that this is how Netflow captures data and that everything is working correctly. It kinda makes sense to me that sense 192.168.9.20 isn’t in vlan8 it may not get the outbound traffic (even though it sends it to vlan8). Ideally I’d want sent and received traffic from anything that touches vlan8. Thanks.