I was working with a call center that had a problem with high bandwidth usage and he wanted to know if Scrutinizer NetFlow & sFlow Analyzer would be able to help him out. They were seeing a lot of Facebook traffic on their network and wanted to be able to see if it was coming from the call center.
I let him know that with Scrutinizer, he could add a filter to show him all of the Facebook traffic on his network and limit it to the traffic from a certain IP range. He could also add a filter that would monitor his NetFlow data and alert if a certain amount of Facebook traffic originated from that IP range.
With this information he could see who the top Facebook talkers were and address those users individually.
We need to select the internet router. In this case we are going to select the router and all of its interfaces.
Add an IP Host filter. The IP Host would be the Facebook IP (126.96.36.199). I used source or destination so I can see all of the traffic to and from Facebook.
Add an IP Range filter. In this case it would be the IP Range for the call center’s PCs.
Now you should be able to see Facebook traffic, if you have any.
Now you need to set up a tool to monitor this traffic and alert us if it is seen. You do this by adding an inbound threshold filter. Then anytime traffic is seen that violates that threshold, you will be alerted via a Scrutinizer Alarm and a Syslog message.
Now you have created your own monitoring tool!