Defrag your hard drive!

As mentioned in Scott’s blog,  “Getting the most from your NetFlow and sFlow Analysis Tool“, disk fragmentation can be the primary cause for slow performance in running NetFlow reports.

Due to the large volume of data stored when collecting NetFlow packets, disk I/O may already be pushed to the limits on your server.  Add to that a highly fragmented disk drive and you might as well go hang out at the water cooler while you wait for your report to run.

Here’s an example of an extremely fragmented disk:

As Scott mentioned in his blog, “With hard drives, blue is a good thing, red is bad. Ideally we would want to see mostly blue and white.”

But, on the other hand,  if you don’t have anything better to do with your time, if using Scrutinizer has so streamlined your network monitoring that you need to slow your day down a bit, then please, leave your disk fully fragmented and take a break!

Otherwise, if you prefer your Netflow reporting to complete in your lifetime, then defrag!

And in the spare time that you now have to kill, you can monitor excessive Facebook traffic and other odd traffic patterns on your network, or read our blogs to learn how to enable Flexible NetFlow, or give us a call to find out what else our NetFlow solution can do for you.

- Joanne

If you are seeking a good understanding of NetFlow, or a better understanding of how it can be enabled, configured, and analyzed, the “Commercial NetFlow Applications” chapter from the book Digital Forensics for Network, Internet, and Cloud Computing can be a great resource.  Written by Mike Patterson of Plixer International, Inc., the chapter details NetFlow and explains how you can capitalize on its utilization. Read more »

Our NetFlow and sFlow Analyzer receives  data collected over a 1 minute time interval  per flow, and can store up to 100 000 conversations (flows) per device. One limitation in NetFlow monitoring today is the amount of disk space needed to store the collected network traffic information. Especially, if one’s intent is to hold on to that information  for a certain period of time. In this blog I will try to help you understand how Scrutinizer archives data. In addition I will talk about the NetFlow Calculator, which can be a helpful tool for estimating the disk space needed on your NetFlow analyzer server. Read more »

Daniel Senga
Tech Support
Follow me on Twitter

Such a dilemma, when it comes to Autonomous System NetFlow exports, which do you prefer: peer-as or origin-as?  If you don’t care about Autonomous System reports, you still just might find this post interesting.  I’ll try to keep you captivated!

Autonomous System
First of all, what is an Autonomous System? Within the Internet, an Autonomous System (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet. A single ISP can support multiple Autonomous Systems Numbers (ASN). The ASNs supported by the ISP are advertised via their Internet router using the BGP Protocol. So what is BGP?

Read more »

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter

This weekend I took a break from NetFlow and sFlow network traffic analysis to join the Moxie Outdoor Adventure whitewater rafting crew and take on the Kennebec River rapids.

Read more »

Paul Dube
Technical Support
Follow me on Twitter

One of the things that sets our NetFlow and sFlow analysis tool apart from our competitors is the dynamic reporting options that exist within our reporting engine.

I had a customer the other day show me how he was using Scrutinizer to catch DNS pirates.

Let’s take a look at how he setup the report filter to do this.

Read more »

If you’re a faithful follower of our blogs, then you are familiar with the “samplicator” described in Michael Patterson’s “Free NetFlow Forwarder or NetFlow Duplicator” blog from May 29th, 2010.

If you’re not familiar with this NetFlow Forwarder application and you have the need for exporting NetFlow packets to multiple (unlimited!) collectors, then you must read his blog.

With switches or routers that do not support NetFlow export to more than one NetFlow collector, or if you have the need to export to more than the typical two collectors, the samplicator is an ideal solution.

Configuration is quick and easy and, if using the config file to list source (exporters) and destinations (collectors), extremely scalable.

Read more »

This is part 3 of a 3 part series.  Part 1 and part 2 covered other topics.  In the third NetFlow lab we studied the traffic from a VoIP connection.   

Read more »

Michael Patterson
Scrutinizer Product Manager

There is no doubt that flow technology is revolutionizing network monitoring. In this  NetFlow/J-Flow/IPFIX/sFlow era, there is no need to settle with only knowing utilizations on the network. Besides, little analysis can be done in monitoring bandwidth only anyways.

Scott wrote a blog earlier that made a valid point: “A Network Administrator’s abilities are only as good as his awareness of what happens on his network.” In harmony with that statement, it’s beneficial to have useful tools to be able to collect that traffic information.

Recently, I learned that J-Flow is supported for the Juniper SRX series Gateways. I thought this might be good information for people who want to start monitoring flows on this type of device, especially our NetFlow and sFlow Analyzer users, since it can also process J-Flow packets. Below are some sample commands taken from Juniper’s Knowledge Base which walks you through your J-Flow configuration. Read more »

Daniel Senga
Tech Support
Follow me on Twitter

We want to work in more Cisco BGP reporting in Scrutinizer NetFlow Analyzer and I need some help.  I need some NetFlow packet captures with BGP information. Can you send me one?

Read more »

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter