Filter on AS - absolutely. You can sort on any combination of the following on a particular interface/time period/inbound/outbound: Applications Defined, Applications NBAR, AS, Country (based on geo lookup), Domain, Flow Template, Host to Host, Inbound Threshold, IP Host, IP Range, Subnet, Next Hop, Protocol, Source/Destination Port, Subnet to Subnet, TCP Flags, Types of Service, and Well known ports.
As far as volume and numbers of flows that depends on what box is hosting Scrutinizer. I can't seem to find the link on their site that gave guidelines... However, you should probably check out the demo and contact Plixer support for recommended config of your Scrutnizer box. Oh and we ran the demo for ~6 mos before purchasing. It was good enough until we needed to see historical statistics. Thanks, -Jeff From: Sharlon R. Carty [mailto:m...@sharloncarty.net] Sent: Monday, September 20, 2010 8:55 AM To: Jeff Wojciechowski Cc: Bøvre Jon Harald; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] netflow tools Can I easily filter based on AS number? Can it handle 500 mbit of traffic? On Mon, Sep 20, 2010 at 8:38 AM, Jeff Wojciechowski <jeff.wojciechow...@midlandpaper.com<mailto:jeff.wojciechow...@midlandpaper.com>> wrote: I give Scrutinizer 5 stars!! We have ours running in a windows VM and are keeping 1 month worth of 1 minute data across our network and I can't believe how many minor configuration issues I have found just by looking at 'normal' traffic and then at some point in the future seeing something that doesn't look right. Couple things I wish it would do: 1) is to be able to send email alerts directly based on various alarms (instead of just generating a syslog now). I have been working with the folks at Plixer on the 8 beta (actually installing 8.0.0 RC 1 right now) and they say that this feature will be in one of the next releases. 2) have traffic analysis such as find high point of traffic on specific interface in past X days and I am told something like this is coming down the pike too. Thanks, -Jeff -----Original Message----- From: cisco-nsp-boun...@puck.nether.net<mailto:cisco-nsp-boun...@puck.nether.net> [mailto:cisco-nsp-boun...@puck.nether.net<mailto:cisco-nsp-boun...@puck.nether.net>] On Behalf Of Bøvre Jon Harald Sent: Monday, September 20, 2010 12:14 AM To: m...@sharloncarty.net<mailto:m...@sharloncarty.net>; cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net> Subject: Re: [c-nsp] netflow tools Scruitinizer from plixer.com<http://plixer.com/> as a low-cost windows alternative Jon ________________________________________ Fra: cisco-nsp-boun...@puck.nether.net<mailto:cisco-nsp-boun...@puck.nether.net> [cisco-nsp-boun...@puck.nether.net<mailto:cisco-nsp-boun...@puck.nether.net>] på vegne av Sharlon R. Carty [...@sharloncarty.net<mailto:m...@sharloncarty.net>] Sendt: 20. september 2010 01:01 Til: cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net> Emne: [c-nsp] netflow tools Hello, Anyone know of any netflow collector tools that can filter the data based on ASN? The majority tools I have tried filter based on IP address, IP group, domain name etc. Looking for something that can show me x amount of traffic from asn124 and so on etc -- --sharlon _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This electronic mail (including any attachments) may contain information that is privileged, confidential, or otherwise protected from disclosure to anyone other than its intended recipient(s). Any dissemination or use of this electronic mail or its contents (including any attachments) by persons other than the intended recipient(s) is strictly prohibited. If you have received this message in error, please delete the original message in its entirety (including any attachments) and notify us immediately by reply email so that we may correct our internal records. Midland Paper Company accepts no responsibility for any loss or damage from use of this electronic mail, including any damage resulting from a computer virus. -- --sharlon ________________________________ This electronic mail (including any attachments) may contain information that is privileged, confidential, or otherwise protected from disclosure to anyone other than its intended recipient(s). Any dissemination or use of this electronic mail or its contents (including any attachments) by persons other than the intended recipient(s) is strictly prohibited. If you have received this message in error, please delete the original message in its entirety (including any attachments) and notify us immediately by reply email so that we may correct our internal records. Midland Paper Company accepts no responsibility for any loss or damage from use of this electronic mail, including any damage resulting from a computer virus. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
