Hi everybody,

is it possible to capture only one subnet of netflow traffic?
For instance: If a switch processes traffic of the subnet 10.1.x.x and 10.2.x.x, would it be possible to capture only traffic of 10.2.x.x ?

Actually I am using softflowd to capture netflow traffic and it would be best to restrict it only to one subnet directly.
Alternatively: Is there a way to export only those netflows of a specific subnet (e.g. with flow-export from flowtools)?

Thanks for your help! Cheers

Article Comments

Hello,

within PRTG, you can use Filter Options on the Netflow Sensor(s).

best regards.


Jan, 2013 - Permalink

What would be the steps to create this? Under Network Discovery I added a Group. Under the group I Added my network with IPv4: 10.10.*.*

--> no results.


Jun, 2016 - Permalink

Carsten, there may be a slight misunderstanding here. The initial question was to Netflow Sensors and in them, filtering for only certain IPs. It seems you refer to the Auto-Discovery though. Can you share some screenshots showing the settings that you took in the according group?


Jun, 2016 - Permalink

If you wish to compare the traffic usage of multiple subnets in the same flow sensor or filter out a specific subnet in your flow, please check the two alternatives below:

1. You can have multiple sensors monitoring each subnet, you can use the Filtering option within the sensor's settings to create various distinct sensors, one for each sub-net (and set the filters accordingly):

For instance if you have multiple /24 subnets within the 192.168.0.0 network, create distinct sensors and set the following filters:

IP[192.168.10.0/24]
IP[192.168.11.0/24]
IP[192.168.12.0/24]

2. On the other hand if you want to have all subnets within a same sensor, listing only the total bandwidth (and not per protocol) you can check the (Custom) variant of the flow-based bandwidth sensors, leave the filters empty and use a channel definition similar to the following: 

#1:Subnet 10 Traffic
IP[192.168.10.0/24]
#2:Subnet 11 Traffic
IP[192.168.11.0/24]
#3:Subnet 12 Traffic
IP[192.168.12.0/24]

The same rules will also apply (on both cases) if you want to filter a specific host only, for instance IP[192.168.10.123].

For further details about the syntax for filter rules please check:

Note: In both examples above the sensors would also take into account the traffic that goes from one subnet to the other (internal), if you're only interested in traffic that goes to the internet, use the AND filter to include some other condition, for instance Port[] or similar to further filter refine the filter rules.

Best Regards,
Luciano Lingnau [Paessler Support]


Aug, 2016 - Permalink