Scrutinizer v7.6 has been released. One of my favorite features is the ability to rename NetFlow v9 templates, IPFIX templates and Flexible NetFlow Templates. We had to provide this feature since Cisco NetFlow does not export the template name. Do you know why this is such a cool feature? Read more »
Michael Patterson
Working in technical support I get asked a lot, “I enabled NetFlow on my router, why don’t I see outbound traffic?” This is because NetFlow version 5 only supports ingress flow monitoring and they don’t have NetFlow enabled on all interfaces. In NetFlow v5 outbound traffic is calculated by the idea what goes in must go out (or stop at the router) so, it’s necessary that all interfaces are monitoring ingress traffic to get an accurate representation of outgoing traffic. So, if ingress monitoring has been working great all along why enable egress monitoring?
Paul DubeI was scouring the web looking for information on NetFlow v9 the other day and came across this document on NetFlow. I thought these slides on ‘show ip cache flow’ and ‘show ip cache verbose flow’ were interesting. If you are trouble shooting with a customer, they can be pretty useful. Read more »
Michael Patterson
We had a customer approach us the other day with an nprobe issue. Apparently, he could see the NetFlow v9 data in Flow View of Scrutinizer, but he couldn’t report on the data. How come?
He sent us a Wireshark packet capture and brought up Flow View. Flow View is a way to see the raw flows (inclusive of all columns) being exported by a device.
Anyway, in Flow View everything looked normal, but then one of our developers spotted the word ‘post’ in front of a couple of import column names. We (and Scrutinizer) expect to see ‘octetDeltaCount’ and instead, the customer had configured nProbe to kick out ‘postOctetDeltaCount’.
SUNY Geneseo Network Manager Rick Coloccia found that analyzing Cisco NetFlow packets was the key to network traffic management and monitoring internet use and abuse.
Using Scrutinizer NetFlow Analyzer, he was able to respond to the RIAA’s (Recording Industry Association of America) allegations of students illegally downloading or sharing of music.
Read more »
Do you ever need to see the NetFlow or sFlow data down to the actual second interval? Did you know you can do it with your NetFlow Analyzer? Sub minute visibility is only a click away for the Network Admin. Below I zoomed in on a two minute interval that I want to take a closer look at. Read more »
Michael PattersonYou’ve installed Scrutinizer only to find out that your network hardware doesn’t support NetFlow or sFlow; what now? If you’re in this situation then you’ve come to the right place. I’ve put together a guide on how to configure a Windows nProbe to send NetFlow v5 to your favorite NetFlow collector and analyzer.
Paul Dube
What’s your favorite color? Chances are that your favorite color is not the same as mine. When you use Windows, are you a fan of the old classic view, or do you go for the new Windows look?
We have all been talking about Plixer’s NetFlow analyzer, and how it provides the best in traffic analysis, with its ability to support Flexible NetFlow, NBAR, and Cisco ASA NSEL. But did you know that as a Scrutinizer user, you have different options when it comes to how you want our NetFlow and sFlow Traffic Analysis Tool to look?
Currently there are 5 different skin types available to select from. They are configurable on a per user basis. So if you are in a dark kind of mood, you can change to a dark skin with either green or yellow text.
We had a large carrier call us the other day with a messed up interface names issue in Scrutinizer. The customer was exporting cflowd (NetFlow v5) from an Alcatel-Lucent SR 7750 running TMOS-C-5.0.R21. Read more »
Michael PattersonJust about all NetFlow Analyzers get the interfaces names of the routers and switches using SNMP. Another reason why SNMP vs. NetFlow is really a no contest. Anyway, we can get the names of interfaces using NetFlow via something called NetFlow option templates.
Michael Patterson
