Today I’m going to review Plixer’com’s netflow analyzer called Scrutinizer. Scruntizer is a free, yes you heard that right, FREE netflow analyzer for your Cisco router.
Wikipedia defines Netflow as:an open but proprietary network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information.
Some of the data that can be analyzed with Netflow are:
- Source IP address
- Destination IP address
- Source port (for example UDP or TCP port)
- Destination port (for example UDP or TCP port)
- IP protocol
- Ingress interface
- IP Type of Service
One of the most handiest feature with Netflow is the ability to quickly determine “Top Talkers” on your network. Which protocols are the “Top Talkers”, which source and which destinations are “Top Talkers” At a quick glance the network engineer is able to diagnose the network and determine who or what is consuming the most bankwidth.
Scrutinizing Scrutinizer
Plixer’s Scrutinizer, though can be purchased has a free download that does just about everything you may need. You can setup as many interfaces as you would like and store as much information as you can digest. Or at least as much as your hard drive can hold.
The biggest limitation to the free version versus the paid version is that everyday at midnight the data is flushed and you start over with a clean slate. This may seem like a big issue but the Scrutinizer allows you to email daily reports. To get around this, we’ve setup Scrutinizer to email a full day’s report every day just before the data is purged.
Plixer has several different pricing models to meet just about any departments budget. They also have an appliance version for a complete plug and play implementation.
Overall, Scrutinizer (Free or Paid) is a great tool thats extremely easy to implement and lets you begin seeing your netflow data without a large outlay of cash.
One comment
NetFlow2SQL Collector can be used to receive NetFlow packets from routing devices and store their contents into databases on Microsoft SQL Servers or/and MySQL servers for later retrieval and analysis. The program runs in background as a Windows service, listens traffic data, and records it continuously. Its main features are: decoding of Netflow v5 packets; accessing up to ten local and remote SQL servers; monitoring the overall process.