Today I got an interesting briefing about a Lancope, this company provides network monitoring that utilizes netflow version 9 and sflow. The products are in appliance or virtual machine.
The entire monitoring architecture comprises StealthWatch Flowsensor, StealthWatch FlowCollector and StealthWatch Management Console. Each of these components is an appliance or virtual machine.
The flowsensor is deployed to monitor network devices that do not have netflow support, the idea is to place the flowsensor’s monitor port to the port-mirrored destination port of a switch, the flowsensor then convert the raw data into netflow version 9 format and send netflow to the flowcollector, management console then retrieves the netflow information from the flowcollector and tabulate the information into the dashboard to correlate items.
I have a StealthWatch Flowsensor1000 with me and tested it on PRTG. PRTG does have a netflow collector that supports version 9.
cyruslab 
In a normal Netflow 9 enviroment the data flow is not realtime, data is only send when the session ends. How does the StealthWatch handles this data flow when it´s comming from a non-netflow device/port? Do data look more like realtime statistics without any spikes?
Hello Robert, this is the first time I use this product and it is not complete without the StealthWatch management console which is at the actual site. The general idea is for flowsensor to receive raw packets from the port-mirrored destination port and send the converted netflow version 9 format to the flowcollector. So perhaps I can find out when I deploy this at the site to be used together with the management console.
It would be interesting to see how the graph looks. Netflow(9) is a great tool, but if we have long time sessions running, traffic and amount has a tendency to spike and does not always show a “real” picture for short time of periodes. Robert
I am interested to know as well… but this project will be next few months to come… in middle east… over there have a few interesting deployments… and this flowsensor is only a small part…
Time will show then 🙂 Looks like lots of fun. Regards Robert