Verifying flow to biflow conversion?

Peter Van Epp via Argus-info argus-info at lists.andrew.cmu.edu
Fri Jul 22 11:47:50 EDT 2016


<snip>
> >  
> > I might be missing something here though?
> > Can Argus connect to a router? I thought its function was to connect to a network interface??
> > I don???t have any network interfaces to connect to that allow me to probe the traffic.
> >  

	That is correct, the argus sensor connects to a network link  not
directly to a router. The preferred method would be to insert a network 
tap in line with your router and connect the argus sensor to the tap. The
advantage of this is that argus is isolated from your network and the sensor
can't affect the production network. If a tap isn't possible (which sounds
like may be your case) you can use port mirroring on the router (assuming
the router supports it and has the extra capscity needed to do the mirroring
as it adds load to the router) and connect the argus sensor to that. Note
that typical port mirrors aggregate both tx and rx data in to a single tx
port to argus and thus the link needs to be less that %50 utilized for this
to work. Taps don't have this problem which is why I prefer to use a tap.

Peter Van Epp




More information about the argus mailing list