Monday is off to a good start as we released Scrutinizer v7.5. The biggest new feature is the Matrix. Try grabbing the inside of it and spinning it with your mouse. Click on an IP address and notice the links change color. It’s very cool and Scrutinizer is currently the only NetFlow Analyzer that can display data like this.
Anyway, this blog is really about a conversation I had today with a customer that was looking for specific data:
- Across multiple routers
- On a specific subnet
Scrutinizer has probably one of the best at sFlow and NetFlow interfaces for filtering. It allows you to include or exclude specific data. Check out these filters:
Notice in the list that you can add filters for specific applications (including NBAR) as well as for specific NetFlow Templates which is very very important for NetFlow v9. Filter on TCP flags, add multiple interfaces from different routers, specify class A, B, C, etc. subnets or even specific protocols, Scrutinizer can do it.
I love demonstrating how Flexible NetFlow can really be appreciated when the software is designed to take advantage of it. If you are looking for MAC addresses from NetFlow (not shown in the filter list) you can use Flow View. It’s just awesome.
I quickly created a filter for the customer I had on the phone and created a report for the selected filters (sorry I had to block out the host/IP addresses):
Above I added 3 interfaces from 3 different routers and filtered for hosts in the 22.214.171.124 class A subnet. Call us if you need help with this stuff. Network Traffic Analysis demands good filtering and Scrutinizer is good at it.