Michael W. Lucas
Network Diagnosis with Netflow

How to Stop Blaming the Network and Find the Real Problem

Netflow is a tool for collecting evidence of actual network activity. Unlike Wireshark or tcpdump, which only tell you what is happening right now, netflow tells you what happened in the past and allows you to compare and contrast current and historical behavior.

Netflow is extremely powerful but has a reputation for being obtuse and costly. While netflow might not be easy, it becomes much less agonizing if someone takes you through its worst parts. With the right knowledge, anyone can implement netflow at minuscule cost in both hardware and time. Netflow picks up where tools like MRTG leave off, and will not only solve innumerable technical problems but also resolve administrative and social problems you probably resigned yourself to enduring years ago.