Plixer International developed the Scrutinizer NetFlow Analyzer software. Scrutinizer is one of many options for capturing and analyzing NetFlow data on a NetFlow collector.
Recall the configuration from the previous topic:
- IP address 192.168.1.1/24 on G0/1
- Ingress and egress traffic monitored for NetFlow
- NetFlow collector at 192.168.1.3/24
- NetFlow UDP capture port 2055
- NetFlow Version 5 export format
The Scrutinizer software has been installed on the NetFlow collector at 192.168.1.3/24.
Figure 1 displays the software interface upon opening the Scrutinizer application.
Figure 2 displays the result of clicking the Status tab after the application is running. The software displays the message "Flows detected, please wait while Scrutinizer prepares the initial reports."
Figure 3 displays the Status screen after a few minutes. Router R1 has been configured with the cisco.com domain name.
The SNMP configuration from the previous section is still active on R1. The Scrutinizer software was configured with the SNMP community string batonaug in the Admin Settings tab. When the SNMP link under R1.cisco.com in the left panel is clicked, the display in Figure 4 appears. This shows a basic traffic analysis for R1, communicated to the NetFlow collector via SNMPv2c. The Multi Router Traffic Grapher (MRTG) is free software that many network administrators use for basic traffic analysis. The Scrutinizer application integrates MRTG, and the graphs in Figure 4 are produced by MRTG. The top graph reflects ingress traffic and the bottom graph reflects egress traffic for interface G0/1 on R1.
Finally, in Figure 5 the Dashboard tab displays actual NetFlow data reported for Top Hosts and Top Applications. The Scrutinizer software has dozens of these gadgets available for displaying various categorizations of data. In Figure 5, the top host is R1, with the greatest amount of traffic between R1 and the NetFlow collector. The top application is HTTPS, followed by SNMP, HTTP, SSH, ICMP, and NetBIOS.
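To show where Top Hosts and Top Applications figures come from, the following added example (not Scrutinizer's code, and not part of the original page) parses a NetFlow Version 5 export datagram of the kind R1 sends to UDP port 2055 and ranks hosts and applications by bytes. The sample datagram, the host 192.168.1.10, the byte counts and the port-to-application map are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
# Assumed labelling map (IP protocol number, port) -> application name.
APPS = {(6, 443): "HTTPS", (17, 161): "SNMP", (6, 80): "HTTP", (6, 22): "SSH"}

def parse_v5(datagram):
    """Decode one v5 export datagram into flow dicts; reject malformed input."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # Exports arrive over unauthenticated UDP, so never trust the count field:
    # v5 allows 1-30 records and the length must match exactly.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
                      "octets": f[6], "sport": f[9], "dport": f[10], "proto": f[13]})
    return flows

def top_talkers(flows):
    """Rank hosts and applications by bytes, as a dashboard gadget would."""
    hosts, apps = Counter(), Counter()
    for f in flows:
        hosts[f["src"]] += f["octets"]
        hosts[f["dst"]] += f["octets"]
        keys = [(f["proto"], p) for p in (f["dport"], f["sport"])]
        # For ICMP, v5 stores type/code in dstport, so label by protocol instead.
        app = "ICMP" if f["proto"] == 1 else next((APPS[k] for k in keys if k in APPS), "other")
        apps[app] += f["octets"]
    return hosts.most_common(), apps.most_common()

def build_sample():
    """Constructed datagram: four flows seen on R1's G0/1 interface."""
    def rec(src, dst, octets, sport, dport, proto):
        return RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed, bytes(4),
                           1, 0, 10, octets, 0, 0, sport, dport, 0, 0, proto, 0, 0, 0, 24, 24, 0)
    recs = [rec("192.168.1.3", "192.168.1.1", 9000, 50000, 443, 6),
            rec("192.168.1.3", "192.168.1.1", 1200, 50001, 161, 17),
            rec("192.168.1.10", "192.168.1.1", 500, 50002, 22, 6),
            rec("192.168.1.1", "192.168.1.3", 300, 0, 2048, 1)]
    return HEADER.pack(5, len(recs), 0, 0, 0, 0, 0, 0, 0) + b"".join(recs)

if __name__ == "__main__":
    print(top_talkers(parse_v5(build_sample())))
```

Because NetFlow v5 has no authentication or integrity protection, a collector should also restrict which source addresses may send to its capture port.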