Flow Collection in NetCrunch

NetCrunch has a built-in flow collector which supports sflow/jflow/Netflow. This article will demonstrate how to configure the NetCrunch Flow collector and display flow data for analysis.

Pre-Requisites

Flow protocols have been developed to extend bandwidth analysis beyond bulk bandwidth monitoring and provide visibility into sources and uses of network transmitted data. This gives the IT professional the ability to 'peer-into-the NIC/port' and understand the 'data conversation' as well as the consumption of networks services and applications.

Flow collection starts with properly configuring target devices that support Flow, typically switches, routers and firewalls. To send flow data to the NetCrunch Flow listeners, your flow-capable devices must be configured to send supported flow data to the NetCrunch server. Supported flow protocols are:

NetFlow (1,5,8,9,IPFIX), slow, jflow, cflow, appflow, rflow, Netstream

Please consult your network device documentation for availability of supported flow protocols and how they should be configured.

Flows in NetCrunch

The NetCrunch flow collector is enabled by default and is listening for on the following ports:

NetFlow: 9996

sflow(jflow,etc..): 6343

Listening port values can be changed to accommodate your unique configuration requirements.

To confirm that the NetCrunch Flow collector is enabled and properly configured, navigate to: Tools > Options > Monitoring > Flow Collector Enable flow collector

Flows tab

If your flow-supporting devices are properly configured and NetCrunch is listening on correct port - flows will appear on the Flows tab associated with any of the NetCrunch views. All observed flows are available from the Network Atlas view. Flows can be filtered according to your selection in the various views (IP Networks, Physical Segments, and Custom Views).

This view presents all collected flows. Flow summary view

If you want to know more about NetCrunch flows please visit links below to see how to configure custom application to be discovered by NetCrunch or how to utilize CISCO NBAR technology.

Monitoring flows of custom application

NetCrunch support for Cisco-NBAR

flowflowsjflownetflowsflow

NetCrunch. Answers not just pictures

Maps → Alerts → Automation → Intelligence

See NetCrunch in ActionCheck Pricing