I have been exploring software to capture and monitor the traffic running across my network.
I am using the Traffic Flow of RouterOS to output flows from the gateway control routers in my network.
These control routers are connected to a switch and are communicating with our mater control routers via VLAN. Two of the gateway routers use PPP to connect and have NAT configured on them. As I want information regarding who is using the bandwidth I have configured RouterOS to output Traffic Flows on only the internal VLAN interface as that will show all the internal IPs.
However, every program (NTOP, WhatsUp Gold, SolarWindows, Scruntizer, ManageEngine, and various linux cflow, and flow tools) is showing me multiple netflow interfaces being output.
On the gateway routers that have PPP connections I use SNMP to retrieve the interface names the programs report a flow coming from the VLAN interface AND from the PPP interface AND from an Unnamed/Unknown interface.
On the gateway routers that have straight lan connection to modems with staic IPs I use SNMP to retrieve the interface names the programs report a flow coming from the VLAN interface AND from the Modem Ethernet interface AND from an Unnamed/Unknown interface.
The RouterOS is configured to output only flows for the VLAN interface why is it still outputing info on these other interfaces?
Cheers