With Cisco NetFlow technology and Plixer’s Scrutinizer NetFlow Analyzer and Flow Analytics module, network administrators can now monitor and alert on unwanted transport protocols, such as IGMP.
In the Flow Analytics gadget displayed below — the Top Transport gadget — four transport protocols are listed. The three listed in white are in the “Allowed transports” list as shown in the lower half of the image, whereas the IGMP protocol is highlighted in yellow, indicating a violation of the Top Network Transports algorithm. To display and allow editing of the “Allowed transports” list, click on Settings at the bottom of the Top Transport gadget.
To add this protocol to the “Allowed transports” list, click on the red plus (+) sign to the right of the protocol entry. The protocol will then no longer violate the Top Network Transports algorithm.
Clicking on the red exclamation point (!) to the left of the protocol’s entry will open a new Alarms window showing the alarms for IGMP.
From this Alarms page, you can exclude the violating host (10.1.2.20) by clicking on 10.1.2.20 in the message section of the alarm.
Hovering over the text “ILLEGAL Transport IGMP Traffic” will display how much traffic has been transmitted for this protocol from this IP address.
To receive email alerts for this illegal transport traffic, configure the Top Network Transports algorithm in Flow Analytics to send syslog messages to your syslog server (Logalot can be used here), and have the syslog server generate the email alerts.
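The same allowed-transports check can be reproduced outside the product to validate what the gadget reports. This is an added example, not Plixer's code or Scrutinizer's algorithm. The flow records, the allowed set (the page does not name its three allowed transports), the `flowcheck` tag and the syslog message layout are all assumptions.

```python
from collections import defaultdict

# Subset of IANA IP protocol numbers, as carried in a flow record's protocol field.
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 47: "GRE"}

# Assumption: stand-in for the "Allowed transports" list.
ALLOWED = {"TCP", "UDP", "ICMP"}

# Constructed sample flows: (source IP, IP protocol number, bytes).
SAMPLE_FLOWS = [
    ("10.1.2.20", 2, 1200),
    ("10.1.2.31", 6, 48000),
    ("10.1.2.20", 2, 800),
    ("10.1.2.44", 17, 5100),
    ("10.1.2.44", 1, 64),
    ("10.1.2.52", 47, 9000),
]


def find_violations(flows, allowed, excluded_hosts=frozenset()):
    """Sum bytes per (source, transport) for transports outside the allowed set.

    Hosts in excluded_hosts are skipped, mirroring a per-host exclusion.
    """
    totals = defaultdict(int)
    for src, proto, nbytes in flows:
        # Unknown protocol numbers are still reported, under a generic name.
        name = PROTO_NAMES.get(proto, f"PROTO-{proto}")
        if name in allowed or src in excluded_hosts:
            continue
        totals[(src, name)] += nbytes
    return dict(totals)


def to_syslog(violations, facility=16, severity=4):
    """Render one syslog line per violation (PRI = facility * 8 + severity)."""
    pri = facility * 8 + severity  # local0.warning -> 132
    return [
        f"<{pri}>flowcheck: ILLEGAL Transport {name} Traffic src={src} bytes={total}"
        for (src, name), total in sorted(violations.items())
    ]


if __name__ == "__main__":
    for line in to_syslog(find_violations(SAMPLE_FLOWS, ALLOWED)):
        print(line)
```

Excluding a host suppresses its alarms entirely, so a later, different disallowed transport from that same address would also go unreported; adding the protocol to the allowed set is the narrower change.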
Another handy tool from Plixer International and Scrutinizer NetFlow Analyzer.