Best way to segregate IPv4 from IPv6 traffic in Scrut reports?

Scrutinizer is an enterprise/business class NetFlow and sFlow analysis tool. Scrutinizer provides historical trends of the company's critical network interfaces as well as the details on:

Who: The end system causing the traffic
What: The application/protocol that is being used
When: The time frame it has been occurring for
Where: The network connection that is affected

Moderators: scottr, Moderator Team

Post Reply
Posts: 2
Joined: Mon Jan 30, 2017 9:39 am

Best way to segregate IPv4 from IPv6 traffic in Scrut reports?

Post by fossicker » Mon Jan 30, 2017 11:18 am

I have a homemade nprobe running Debian Jessie x86, it's an old 32-bit (previously snort) appliance with one 100Mb management interface and six Intel GbE interfaces. Because it's only a 32-bit CPU, and because Luca Deri no longer supports nprobe on x86, I compiled nprobe and nDPI from scratch using old sources I found on github from 2011. It's a fully functional nprobe but with no licensed addons. Right now I have nprobe watching eth0 which is jacked into a switch span port of my LAN uplink.

Is there a way that I can run two nprobes, one to export IPv4 and another to export IPv6, showing up as separate instances in Scrutinizer? Or would you recommend running a basic nprobe -V 9, and then use Scrutinizer reporting to segregate IPv4 from IPv6?

What's the difference between an Interface and an Instance in Scrutinizer?

I am working from ... templates/

When I run a basic nprobe:
./nprobe -a -n -i eth0 -t 60 -d 15 -V 9 -G
I get Interface 0 in Scrutinizer and IPv4 and IPv6 traffic appears together in Reports.

Here's another nprobe I've been playing with, this seems to give me Instance 1 and Instance 2. What is the difference between an Instance and an Interface? Instance 0 seems to give me only IPv4, while Instance 2 gives me both IPv4 and IPv6.

Capture3.PNG (17.57 KiB) Viewed 2221 times

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests