Note: The feature has been temporarily disabled. Existing DPI(Deep Packet Inspection) users can contact netflowanalyzer-support@manageengine.com for support.
To enable DPI, download winPcap and HighPerformance reporting engine add-on. Follow the steps given below:
1. For Windows machine, download and install winPcap packages from the below link :https://www.winpcap.org/install/, skip this step for linux OS.
2. Download and install HighPerformance reporting engine under 'More Downloads' from the link https://www.manageengine.com/products/netflow/download.html
3. Navigate to Settings > NetFlow > HighPerf Reporting Engine, provide installed server login credentials, test and save.
4. Navigate to Settings > DPI, Enable Data Collection, select the ethernet card, select the data retention period and save.
5. To Verify navigate to
To find the respective Network card (in windows ) , open regedit, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\ . Here you can find the respective name of network card in readable format.
Traffic packets passing through the network device, can be mirrored to a port of the same device for inspection. Also multiple ( WAN/LAN /Uplink) port traffic can be mirrored and set for inspection. In case you wish to inspect packets from multiple devices, You can save the mirrored packets and upload it to NetFlow Analyzer server. Real time packet capture works only when Netflow Analyzer server is directly connected to the mirrored port.
In the above diagram, 4 ports 1, 2, 7 & 8 are mirrored for monitoring to the last port (port 24) of the device. Here all the mirrored network packets reaches the NetFlow Analyzer as it is directly connected. Port mirroring commands vary from vendor to vendor. You can check with the respective device vendor for commands.
Below is an example for port mirroring on a HP Switch
Below is the detailed cmd structure to mirror all the 23 ports to the last 24th port.
With these received network packets NetFlow Analyzer will analyze the captured packets and generate reports.