Unvalid flow data

[willemdh]

It seems the tool is broken and not sending valid sflow data from Windows. Tested with Nagios network Analyzer.

[sflow]

The host-sflow agent for Windows does not send packet-samples ("flow data") if that's what you mean. It sends CPU/mem/IO stats only. It's true that on Linux you can configure hsflowd to do that using iptables ULOG, but it is generally better to monitor traffic at the upstream switch port, or in the virtual switch (open vSwitch or MS hyper-v extensible vSwitch both have sFlow capabilities).

It's true that the Windows port could be extended to sample packets via libpcap/NDIS. Is that what you were expecting?

Neil

[willemdh]

Yes indeed Neil. That's indeed what we were expecting. Thanks for your answer. We have multiple reasons for the need of a flow probe. As we can't enable flows on VMware standard switches (only on distributed whichrequires enterprise plus license), we need to do it on some hosts to discover what or who and how much is still using the server. I was looking into nProbe today, but it seems they force you to pay a donation of 150 $ to be able to download their agent.