I personnally believe NetFlow v9 and now IPFIX are two of the greatest, if not the greatest, revolution in network traffic monitoring. It makes a substantial amount of usefull traffic information available to the network administrator. However,  to truly take advantage of  NetFlow, a software with powerful reporting capabilities is required. Today, I would like to talk about our NetFlow Analyzer data filtering capability.

In “Advanced NetFlow Analysis requires Advanced Filters“, Paul explaines how filtering works in our NetFlow and sFlow analyzer. One in particular, the “Advanced Filter”, makes me think of how in anatomy documentaries, researchers dissect small animals such as frogs and rats in order to take a closer look at their organs. This filter is like a scalpel in the hands of network admins; allowing proper dissection of network traffic. With “Advanced NetFlow Filter” you can filter on any column contained in a NetFlow Template or Template record.

If you’ve configured Flexible NetFlow (FnF) to export layer 2 information, you can use this filter to report, for instance, on MAC addresses.  Gathering URLs from NetFlow is another good example.  Three companies are already exporting URLs with IPFIX (Citrix AppFlow, nBox and SonicWALL).  IPFIX is the proposed standard for NetFlow and supports variable length fields which is why NetFlow cannot be used to export URLs.  That’s a bit of trivia you can share with your friends!

I hope you enjoyed this blog; please feel free to contact me with questions.



Dale Locke author pic


Dale Locke is the Regional Manager for the southeast US at Plixer. He works with prospects to solve the unique needs of their network and visits existing customers to assist with training. He enjoys developing new partnerships and building long lasting relationships with his clients. Dale's favorite hobbies include fishing, hiking, soccer, and football.


Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply