I was unable to collect flow data with Foglight on the Hyper-V guest I was working with. I thought I had everything set up right, but I was missing data.
I enabled port mirroring on the switch port that connected to the router (source) and copied the data to an extra NIC (destination) on my Hyper-V server.
I installed the Quest/Foglight agent (PTflow) and added the NIC with the mirrored data to a guest. After I enabled the PTflow traffic monitoring on the new NIC, I was able to get some traffic flow data, but a lot was either missing or showed up only as TCP 5053 or TCP 5054 traffic.
I was unable to find a straight answer on the Internet; however, I did find that some people were experiencing similar problems with Wireshark.
The problem was specific to Hyper-V guests. The virtual NICs are unable to run in promiscuous mode, which is necessary to view all traffic data. I began to monitor the PTflow from the host, rather than the guest, and a wealth of information began to populate.