How to analyze Cisco NetFlow with a FREE tool

NetFlow is a network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information. It is proprietary, but it is also supported by platforms other than IOS, such as Juniper routers or FreeBSD and OpenBSD. Cisco routers that have the NetFlow feature enabled generate NetFlow records; these are exported from the router in User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP) packets and collected using a NetFlow collector. Other vendors provide similar features for their routers but under different names: Jflow or cflowd from Juniper Networks, NetStream from Huawei Technology, or Cflowd from Alcatel-Lucent. Since my knowledge is mainly in the area of Cisco devices, I will focus on NetFlow.

A NetFlow record can contain a wide variety of information about the traffic in a given flow, such as version number, sequence number, input and output interface indices, number of bytes and packets observed in the flow, source and destination IP addresses, source and destination port numbers, IP protocol, ToS and others. By analyzing flow data, a picture of traffic flow and traffic volume in a network can be built. Cisco NetFlow has multiple versions, of which v5 is the most used at the moment.

After this brief explanation of what NetFlow is, let’s focus on the topic of this article. Lately I was searching for a tool that can analyze NetFlow flows and return to me an acceptable picture of what’s going on in the network. There are a lot on the market and I tried many of them, which offer free trials (maybe someday I will write some reviews about them), but for now I was really searching for something without any cost involved, as it was for my private use.

The NetFlow analyzer software that I was looking for should be able to:
1. Display traffic in graphical format (graphs, pictures…)
2. Allow me to analyze as many devices / interfaces as I want
3. Allow me to export some reports based on the network activity collected
4. …and the most important for me, to be FREE

As I said before, I tried some tools with great capabilities (e.g. NetFlow Analyzer from ManageEngine), but they had limitations that disturbed me (e.g. a limitation to only 2 interfaces on the tool from ManageEngine). Searching, I arrived at Scrutinizer NetFlow Analyzer, produced by Plixer International. This tool offers exactly what I was searching for, and it is free. Now the ugly part (there is always a part like this…) is that the tool keeps all information for only 24 hours. The good part is that you can export logs on a daily basis (24 hours). E.g. I had to monitor traffic for some device for 72 hours, so I exported the logs daily and at the end of the monitoring period I compared all the data. Well, this limitation of 24 hours is not so nice. I would prefer 48 or 72 hours, because usually this is the minimum time for monitoring a connection, device or interface. If you buy a license, all these limitations are removed. As I said from the beginning, I was searching for something for private use…so this tool was perfect for me. Anyway, I believe big companies can afford to buy this tool if they test it and see that it fits their needs.

Anyway, skipping over this 24-hour limitation, the tool gives you the ability to gather information from as many devices / interfaces as you want. The reports are presented in a nice graphical format, with lots of details. You can download Scrutinizer NetFlow Analyzer from their site. On the download page, you will have the possibility to download the free version (with the 24-hour limitation) or the trial version, which will give you all features for a limited period of time. For the trial version you have to complete a form and they will issue you a trial license.

For an example of how to do a basic NetFlow configuration on a Cisco router and how to operate Scrutinizer NetFlow Analyzer, please see the presentation below. For the test environment I used an old Cisco 2600 router and my notebook with Scrutinizer NetFlow Analyzer installed.

Please note before watching this presentation: is not affiliated in any way with Plixer International and ManageEngine and this is not a “pay per post” article. I just wanted to share with you something that I believe can be useful.

scrutinizer netflow analyzer

How to monitor IP SLA with free tools

Lately I have seen an increasing interest in IP SLA monitoring and analysis of the data output. I believe that you already know that you can do IP SLA monitoring with a lot of tools, from the most expensive ones, which include support and assistance, to the free ones like MRTG or RRDTOOL. From the statistics that I have, more than 50% of the network engineers interested in these tools have a problem either with the money (low budget or the on and on “we do not have money this year for that investment”) or with making free tools actually work and report accurate data.

Yesterday I received an e-mail from SolarWinds announcing their FREE IP SLA monitor tool. Usually I ignore such e-mails, as for most of them there is always a catch, but since it was from a company that made a very good impression on me over the year by offering exactly what’s specified in the advertisement, I said that I should give it a try. Before I present this to you, let’s make something clear. This is not a commercial post, e.g. a paid post or another thing like that. I do not have time and I don’t want to do such stuff on my blog, but when some product is really worth trying, I think that the company that develops it deserves to be mentioned.

Since it’s a free tool, don’t expect it to have all the features of one that you pay for, but compared to the headache of implementing other free tools (MRTG, RRDTOOL) you’ll find this one to be a piece of cake. Anybody who has an idea about networking can use it without any problems. Configuration is as simple as it can be. You have to choose the destination IP or hostname to monitor, then pick the monitor service and polish some parameters for your particular network. That’s it! One particular issue for me is that this tool works only on Windows.

Please have a look below to see how to configure this:

IP SLA monitor tool