ads

Style3[OneLeft]

Style3[OneRight]

Style5[ImagesOnly]

Style2


I was unable to collect flow data with Foglight on the Hyper-V guest I was working with.  I thought I had everything set up right but I was missing data.

I enabled port mirroring on the switch port that connected to the router (source) and copied the data to an extra NIC (destination) on my Hyper-V server.

I installed the Quest/ Foglight agent (PTflow) and added the NIC with the mirrored data to a guest. After I enabled the PTflow traffic monitoring on the new NIC I was able to get some traffic flow data; but a lot was either missing, or showed up only as TCP 5053, or TCP 5054 traffic.

I was unable to find a straight answer on the Internet however I did find some people were experiencing similar problems with Wire Shark.

The problem was specific to Hyper-V guests. The virtual NICs are unable to run in promiscuous mode which is necessary to view all traffic data. I began to monitor the PTFlow from the host, rather than the guest, and a wealth of information began to populate.

About Steven M. Jordan

Steven Jordan is an infrastructure and process management specialist. Steven holds a Master of Science degree in ICT from the University of Wisconsin Stout. Steven is also a Cisco Certified Network Professional (CCNP) and Master Gardener.
«
Next
Newer Post
»
Previous
Older Post

No comments:

Post a Comment