NetFlow capture may already be in use by other tools in the environment.
Since Faddom sensors do not require the NetFlow traffic to be sent directly to them, you can use one of the two methods below to allow Faddom to receive the NetFlow traffic as well.
Promiscuous Mode
Promiscuous mode is a parameter that you can set for a port group in VMware that will allow that port group to see all traffic on a VLAN.
To enable this you should do the following:
1. Deploy a Faddom Sensor VM in VMware. To get the sensor OVA file, see here.
2. Create an affinity rule in VMware to have the sensor always be on the same ESX host as the current NetFlow collector.
3. Create a new port group for the Faddom sensor VM.
4. Set the VLAN to be the same VLAN as the current NetFlow collector.
5. Enable promiscuous mode for the port group.
6. Add an additional network interface to the Faddom Sensor VM and connect that NIC to the new port group created above.
7. Log in to the Faddom Sensor and run the ~/configIp.sh script to configure the network interface.
8. Configure the Faddom Sensor in the Faddom UI in the Settings->Sensor Status screen.
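The VMware side of the procedure above (affinity rule, port group, VLAN, promiscuous mode, extra NIC) can also be scripted with VMware PowerCLI. This is an added example, not Faddom's own tooling; it assumes a standard vSwitch, a collector that runs as a VM in a DRS cluster, and a sensor already running on the collector's host. Every name and the VLAN ID are placeholders. It ends by listing every port group on the host that allows promiscuous mode, so you can confirm the setting is limited to the new one.

```powershell
# Added example: placeholder names throughout, replace with your own values.
$vCenter       = 'vcenter.example.local'   # placeholder vCenter address
$sensorName    = 'faddom-sensor'           # placeholder: sensor VM deployed from the OVA
$collectorName = 'netflow-collector'       # placeholder: existing NetFlow collector VM
$vSwitchName   = 'vSwitch0'                # placeholder: standard vSwitch carrying the VLAN
$vlanId        = 100                       # placeholder: VLAN of the current collector
$pgName        = 'faddom-netflow-promisc'  # placeholder: name for the new port group

Connect-VIServer -Server $vCenter | Out-Null

$sensor    = Get-VM -Name $sensorName
$collector = Get-VM -Name $collectorName
$vmHost    = Get-VMHost -VM $collector

# VM-VM affinity rule: keep the sensor on the same ESX host as the collector.
New-DrsRule -Cluster (Get-Cluster -VM $collector) -Name 'faddom-with-collector' `
    -KeepTogether $true -VM $sensor, $collector | Out-Null

# Dedicated port group on the collector's VLAN.
$vSwitch = Get-VirtualSwitch -VMHost $vmHost -Name $vSwitchName -Standard
$pg      = New-VirtualPortGroup -VirtualSwitch $vSwitch -Name $pgName -VLanId $vlanId

# Enable promiscuous mode on this port group only, not on the whole vSwitch.
Get-SecurityPolicy -VirtualPortGroup $pg |
    Set-SecurityPolicy -AllowPromiscuous $true | Out-Null

# Second NIC for the sensor, attached to the new port group.
# Assumes the sensor already runs on $vmHost so the port group is visible to it.
New-NetworkAdapter -VM $sensor -NetworkName $pgName -StartConnected | Out-Null

# Audit: list every standard port group on the host that allows promiscuous mode.
# Only $pgName is expected unless another tool needs it as well.
Get-VirtualPortGroup -VMHost $vmHost -Standard | ForEach-Object {
    $policy = Get-SecurityPolicy -VirtualPortGroup $_
    [pscustomobject]@{
        PortGroup        = $_.Name
        VLAN             = $_.VLanId
        AllowPromiscuous = $policy.AllowPromiscuous
    }
} | Where-Object AllowPromiscuous | Format-Table -AutoSize
```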
Port Mirroring
Another option for duplicating the NetFlow traffic is to use the built-in mirroring capabilities of VMware distributed switches to mirror the NetFlow traffic to Faddom.
Create a port mirroring session using the following method:
1. Open the VMware web console and navigate to the distributed switch on which the tool receiving the NetFlow traffic resides.
2. Open the configuration tab and select Port Mirroring.
3. Create a new port mirroring session using the following details:
   - Select the Encapsulated Remote Mirroring session type.
   - In the properties, set the status to Enabled.
   - In the Select sources section, select the tool that is currently receiving NetFlow.
   - In the Select destinations section, enter the IP address of a Faddom sensor.

Faddom should now receive all the same NetFlow traffic as your other tool.