Overview
Seems like everyday we have someone uninstall Scrutinizer because they didn’t realize their routers and switches don’t support NetFlow or sFlow.  About 3 years ago we released a software package called nProbeLive that was similar to nProbe.

nProbe can be installed on a computer which sits on a mirrored or spanned port of a switch.  Basically, it converts the packets seen into NetFlow v5, v9 or IP FIX.

Big Problem
A mirrored port may send in and out traffic ‘OUT’ the spanned port so the nProbe sees it all as ‘IN’ traffic.  What’s the problem? It will generally over state utilization on the interface and it is difficult to determine what was sent Vs. received.  Explaining this issue became exhausting so we posted a nProbe FAQ on it.

Wireshark or nProbe ?
NetFlow Analysis does not give nearly the insight as Packet Analysis however, it causes much less traffic.  If you need archiving of high level information (i.e who is talking with who and with what), use nProbe.  If you are trying to get juicy details like URLs, etc. use Wireshark.

Scrutinizer Vs. Wireshark
We look at Scrutinizer as being to NetFlow what Wireshark is to packet analysis.  The archiving capabilities of NetFlow and sFlow are much more efficient.  The details however, are left to packet analysis.

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter Tags: NetFlow Probe, nProbe

This entry was posted on Monday, January 26th, 2009 at 7:06 pm and is filed under NetFlow, Scrutinizer. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.