How to analyze Cisco NetFlow with FREE tool

NetFlow is a network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information. It’s proprietary and supported by platforms other than IOS, such as Juniper routers or FreeBSD and OpenBSD. Cisco routers that have the Netflow feature enabled generate netflow records; these are exported from the router in User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP) packets and collected using a netflow collector. Other vendors provide similar features for their routers but with different names Jflow or cflowd from Juniper Networks, NetStream from Huawei Technology or Cflowd from Alcatel-Lucent. Since my knowledge is mainly in Cisco’s devices area, I will focus on Netflow. A NetFlow record can contain a wide variety of information about the traffic in a given flow, like Version number, Sequence number, Input and output interface indices, Number of bytes and packets observed in the flow, Source & destination IP addresses, Source and destination port numbers, IP protocol, ToS and other… By analyzing flow data, a picture of traffic flow and traffic volume in a network can be built. Cisco Netflow have multiple version from which v5 is the most used at the moment being.

After this brief explanation of what is Netflow, let’s focus on the topic of this article. Lately I was searching for a tool that can analyze NetFlow flow and return to me an acceptable picture of what’s going on in the network. There are a lot in the market and I tried many of them, which offers free trials (maybe someday I will write some reviews about them), but for now I was really searching for something without any cost involving as it was for my private use.

The NetFlow analyzer software that I was looking for, should  be able to:
1. Display graphical format of traffic (graphs, picture…)
2. Allow me to analyze as many devices / interfaces I want
3. Allow to export some reports based on the network activity collected
4. …and the most important for me, to be FREE

As I said before, I tried some tools, with great capabilities (e.g. NetFlow Analyzer from ManageEngine) but they were having limitations that disturbed me (e.g. limitation to only 2 interfaces on the tool from ManageEngine).  Searching, I arrived to Scrutinizer NetFlow Analyzer produced by Plixer International. This tool offers exactly what I was searching for, and it is free. Now the ugly part (there is always a part like this…) is that the tool is keeping all information for 24 hours. The good part is that you can export logs on a daily basis (24 hours). E.g I had to monitor traffic for some device for 72 hours, so daily I have exported the logs and the end of the monitoring period I compared all the data. Well, it’s not so nice this limitation of 24 hours. I would prefer 48 or 72 hours, because usually this is the minimum time for monitoring a connection, device or interface. If you buy a license all this limitations are removed. As I said from begining I was searching something for private use…so, this tool was perfect for me. Anyway I believe big companies can afford to buy this tool if they test it and see that fit with their needs.

Anyway, skipping over this 24 hours limitation, the tool give you the ability to gather information from as much devices / interfaces as you want. The reports are presented in nice graphical format, with lots of details. You can download Scrutinizer NetFlow Analyzer from their site, by clicking here. On the download page, you will have the possibility to download the free version (with 24 hours limitation) or the trial version which will give you all features for a certain limited period of time. For the trial version you have to complete a form and they will issue you a trial license.

For an example how to do a basic netflow configuration on a Cisco router and how to operate Scrutinizer Netflow Analyzer please see the presentation below. For the test environment I used an old Cisco 2600 router and my notebook with Scrutinizer Netflow Analyzer installed.

Please note before watching this presentation: FirstDigest.com is not affiliated in any way with Plixer International and ManageEngine and this is not a “pay per post” article. I just wanted to share with you something that I belive it can be useful.

scrutinizer netflow analyzer

Published by

Calin

Calin is a network engineer, with more than 20 years of experience in designing, installing, troubleshooting, and maintaining large enterprise WAN and LAN networks.

5 thoughts on “How to analyze Cisco NetFlow with FREE tool”

  1. Good thing that you brought this up :) Just as Plixer (free edition) can store data for 24 hrs. ManageEngine NetFlow Analyzer (free edition) can store for first 30 days (720 hrs). After 30 days it goes on to monitor only 2 interfaces. But you can re-install it after first 30 days and get the the reports for another 30 days and so on. Since your requirement is not seamless report generation across various months and you need only short term reporting, you might as well go for 30 days than 24 hrs.

    Joe

  2. Thank you for reading my article and for comments.

    Joseph, as I wrote in the article, ManageEngine Netflow Analyzer is also a very good product, and for the record, the article about it is in progress and will appear on this site very soon. I chosed the product from Plixer first because it was the first that I finished to test.

    Actually is like this. I setup a lab environment to test NetFlow analyzer products, then in parallel I test more of then like Scrutinizer, ManageEngine and other products that I found free or at least with a reasonable trial period on Internet.
    After some test period I take the good and the bad and try to present everything from a user perspective and as objective as I can be.
    One thing is clear. I do not recommend a product against other. The final choice  is users call and I don’t want to interfear with anybody’s preferences. I just try to contribute to global knowledge by sharing some of my experience in certain domains.

  3. Hey, I can’t wait for you to present the soft from ManageEngine…I’m really interested in it after I tried the one from Plixer.

Leave a Reply to OviCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.