Daniel Senga, a tech support pro for Plixer’s NetFlow, recently offered his thoughts on IP host monitoring with NetFlow.

Much of the time, he writes in the blog post, network administrators “need to monitor activities of a particular host on a network during a specific period of time.” He shows how you can do this in practice.

As Senga reveals, a true NetFlow, IPFIX, or flexible NetFlow Analysis software can filter traffic on a specific host or a subnet, which means the administrator can determine IP addresses or subnets the host they are communicating with, determine how much bandwidth is being used, the protocols associated with the host’s traffic as well as the applications this host is using.

You want to filter on a host IP address? Okay, Senga says, let’s say you’re using a Cisco (News - Alert) IOS NetFlow enabled on your routers, and you want to monitor all communication with the host 67.225.167.100 where the traffic is passing through your WAN link or interface.

You want to know how much bandwidth this host used, who did this host talk to, how long did the conversation last and what protocols were used. Through using NetFlow this is easy as you can generate a report for the WAN interface – “make sure you are viewing the report in IP mode so that you know exactly what you are looking at,” Senga advises, adding that if the host is among the displayed top conversations, “click on it to only view traffic associated with this host. If you cannot find the host, the other option is to add an IP host filter.”

In addition, if you want to know what application 67.225.167.100 was using. NetFlow can handle that too. Vendors such as Cisco and SonicWALL (News - Alert) can define applications in their IP flow implementations using deep packet inspection. It’s possible to configure flow data to tell you what applications 67.225.167.100 was using, and you can then quickly generate a report for the WAN interface, apply an IP host filter or open a conversation NBAR report.