NetFlow – The invaluable network management troubleshooting tool

Posted in NetFlow, NetFlow Analyzer, Network Problem Resolution, Network Traffic Analysis, Network Traffic Monitor on July 31st, 2009 by nathanh

This is Brighton. He is currently 3 1/2 years-old and he’s my son. He’s very much like his mother, with a strong will and a fierce determination that will make him successful in about anything he does.

However, that same determination also sometimes makes his parents want to carve their brains out with a spoon.

He’s at that stage where he will repeat the same thing over and over and over and over until everyone immediately stops what they are doing to address his needs.

For example: Read more »

ToS, DSCP and NetFlow…. what the DiffServ? Part 3

Posted in NetFlow on July 30th, 2009 by mike@plixer.com

This is part 3 of a series on the ToS field (i.e. Differentiated Services Field) of IP frames. I’m getting closer to how it relates to NetFlow and sFlow.  Make sure you have already read Part 1 and Part 2 of this blog.

In this blog I copy largely from RFC 2474, which was written in 1998. I discuss how 6 bits of the 8-bit ToS are now the Differentiated Services Code Point. See the screen capture below from my first blog. This is where we are today; however, many of us still refer to this field as ToS (i.e. type of service). Sometimes it is called the Differentiated Services Field (DSF), but not as often. Read more »

Michael Patterson
Scrutinizer Product Manager

Black Hat 2009: What happened to Conficker’s payload?

Posted in IT News, NetFlow, NetFlow Analyzer, Network Traffic Analysis, Security on July 29th, 2009 by NewsTrax

Black Hat Las Vegas is taking place this week. The event is where professional hackers gather to share what they’ve been working on over the past few months. The results are often pretty startling for most average computer users.

For instance, Alessandro Acquisti, a researcher at Carnegie Mellon University is going to show how information about an individual’s place and date of birth can be exploited to predict his or her Social Security Number. To cut a long story short, Acquisti says SSNs were designed to be simple identifiers and not for authentication purposes, and so businesses should stop using them as confidential passwords.

We know enterprise networks are big targets for cybercriminals. Here are some Black Hat Vegas briefing sessions by security professionals about new attacks that could be around the corner and how to protect against them. Slides from the presentations are expected to be available at the Black Hat site after the event. Slides from January’s Black Hat DC 2009 briefing sessions are here. Read more »


Scrutinizer QoS vs. HP Procurve CoS

Posted in NetFlow, NetFlow Analyzer, Network Health Report, Network Problem Resolution, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, sFlow on July 28th, 2009 by Jo-G

I had a customer ask me how HP Procurve’s Class of Service (CoS) for VLANs could be monitored in Scrutinizer with QoS (Quality of Service).

HP Procurves export sFlow (sampled flows). Scrutinizer v6.05 listens to sFlow counters and samples. If specific VLAN tag information is sent out, Scrutinizer ignores it in the current release.

What the sFlow collector (e.g. Scrutinizer) does see is the ToS (Type of Service) byte included in the sFlow packet. The values for this 8-bit field can be defined in Scrutinizer in the QoS Definitions option in Settings. The QoS Definitions feature allows network administrators to customize their QoS settings, with the ability to run reports based on the 8-bit ToS values or 6-bit DSCP values.

Read more »


Cisco IP SLA Monitor or just IP SLA?

Posted in IP SLA, NetFlow, SNMP on July 27th, 2009 by Raul J Duran

Cisco IOS IP Service Level Agreements (SLAs) help network administrators ensure that a high level of voice and data communication quality is maintained. Cisco IP SLA operations are a proactive method of reliably measuring network performance. IP SLA data can be retrieved and trended with an SNMP Performance trender to enable users to graph performance over time. Cisco IP SLA and SNMP should be in the tool belt of every network administrator. Pair these technologies with a NetFlow analyzer and you’ve got a great setup to help troubleshoot most network problems.

The purpose of this blog is to outline some of the IP SLA configuration changes in newer versions of Cisco’s IOS.

We’ve written a 4-part blog in the past that focuses on the following IP SLA operations:

Read more »


SharkFest 2009: Internet father Robert Lawrence proposes standard for improved Internet traffic flows

Posted in NetFlow on July 25th, 2009 by mike@plixer.com

I know that I already blogged about being back from SharkFest 2009. I wanted to write about my favorite keynote speaker, Dr. Lawrence Roberts. He was one of the founders of the Internet and TCP/IP.

Overview of Internet growth
During his presentation he said that 80% of Internet traffic is caused by 5% of the people and most of the traffic created by this 5% is P2P. He went on to point out that in 2008, 22% of the population was online. By 2018 it will be at 99%.

Read more »

Michael Patterson
Scrutinizer Product Manager

IP flow-cache timeout active – Are you using it?

Posted in NetFlow, Network Problem Resolution on July 24th, 2009 by nathanh

With flow monitoring becoming a practical solution for traffic analysis, numerous vendors have created their own version of flow export for their devices. Regardless of whether you are working with NetFlow, sFlow, Netstream, or jFlow, each device’s exportation method is similar.

Consider the command: ip flow-cache timeout active 1

I wanted to cover this command that is native to Cisco devices using NetFlow, simply because everyone forgets to use it. But before I rave about how important it is, just remember that this configuration can be found in various forms, across multiple vendors. Here’s a brief list:

Read more »


ToS, DSCP and NetFlow…. What the DiffServ? Part 2

Posted in NetFlow on July 23rd, 2009 by mike@plixer.com

This is part 2 of a series on the ToS field of IP frames. Eventually I’ll get around to how it relates to NetFlow and sFlow.  :) Oh, and Part 1 is here.

I’ve read some interesting posts on QoS from other companies in reference to NetFlow. The authors of those should read this blog post because calling DSCP or ToS the ‘QoS’ field in my opinion isn’t really a correct use of the acronym.  Silly, silly, silly…..   Anyway, in this blog I will take text largely from the RFC as I review RFC 1349 which covers how the Type of Service octet consists of three fields:

Read more »

Michael Patterson
Scrutinizer Product Manager

Cisco warns of rising spam volumes; how Cisco NetFlow can stop the spread

Posted in IT News, NetFlow, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Security on July 22nd, 2009 by NewsTrax

Cisco, in its midyear security report, notes that although vulnerability and threat activity has been off to a slower start this year compared to 2008, we should expect spam volumes to rise to record levels. Cisco says that Memorial Day on May 25, 2009 was the third-highest volume day ever recorded for spam. The report also suggests that criminals are expected to maintain their aggressive targeting of legitimate websites to create botnets through the propagation of malware.

Cisco also warns that until social networking sites use “more robust protection”, cyber criminals will continue to target popular online communities to lure unsuspecting users to click to fraudulent sites or to download malware. Read more »


Why use Cisco NetFlow and Virtual Switching System (VSS)?

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer on July 21st, 2009 by Jo-G

I had a customer call in the other day asking about NetFlow with VSS. I had no idea so I decided to learn about ‘VSS’. I made a call to my CCIE friend Chuck Cahoon at CDW.
Read more »
