NetFlow reporting is about more than reporting on top x (e.g. Hosts as shown below). Scrutinizer has the most canned reports over every other Netflow Analyzer on the market. In fact, we have so many that we had to add logic to version 8 so that certain reports (e.g. NBAR Reports) don’t show up unless the NetFlow / IPFIX collector is receiving the necessary fields in the NetFlow templates.
We have been developing our Netflow solution for over 5 years and realized long ago that NetFlow reporting and filtering is essential to a proper in depth NetFlow traffic analysis solution. If you are looking at a NetFlow data and want to run a report on the same filter, check out some of these reports, many of which are unique to Scrutinizer. First, lets look at bits per second:
Packets per seconds will likely follow the same patter as the above. At least, usually.
Flow volume however, may or may not follow the same pattern as above.
A host scanning the network would cause an increase in flows but, not necessarily an increase in bits or a dramatic increase in packets.
We can also trend:
- The volume of hosts on the network at any given time.
- The volume of address pairs.
- Domains, VLANs, MAC Addresses, VRF Information, etc.
The above is why we are the leader in NetFlow Reporting and lets not forget IPFIX reporting. Maybe I’ll post a blog on why NetFlow filtering is so important.