I haven’t seen it pop up yet but, I think debates over Cisco Vs. Huawei will eventually rise and when it does, will NetFlow and IPFIX reporting be important factors?  It is too early to tell however, I do know where both companies stand in regard to flow exports.

Read more »

For a 30 day Trial of Scrutinizer, Click Here to Download!

Join the NetFlow Developments group on LinkedIn.

We have beefed up our Cisco ASA NSEL Reporting using of course NetFlow. NSEL = NetFlow Secure Event logging and ASA = Adaptive Security Appliances. What is interesting about Cisco ASA NSEL NetFlow is that according to the documentation we have, the NetFlow exports kick out several different templates.  The most popular of which seem to be these:

• Extended: if the flow is torn down before the configured delay, the flow-create event is not sent; an extended flow teardown event is sent instead.
• Denied: flow was explicitly denied from being created in the first place. A Denied no XLATE event shows that the event was denied and no translation of the source and destination IP addresses and ports is done. This is typical when using NAT addresses.
• Flow Created: event is exported as soon as the flow is created

• Teardown: events indicate that an existing flow in the flow database of the appliance has ended. It could be due to “natural” causes (TCP: fin/fin-ack/ack, UDP: firewall times it out), or it could be a flow that has a problem detected midstream and the firewall shuts it off. The Teardown event will give you the total byte count (both inbound and outbound) for the entire flow in the octetTotalCounts field.

Read more »

For a 30 day Trial of Scrutinizer, Click Here to Download!

Join the NetFlow Developments group on LinkedIn.

Move over JFlow, Juniper is now has supporting IPFIX.  Juniper IPFIX exports include some neat stuff that we didn’t see in JFlow.  If you are not aware, JFlow is basically a rename of NetFlow.  IPFIX is the proposed standard for NetFlow and is supported by vendors such as Cisco, Citrix, Extreme, nBox, Plixer and SonicWALL. How do you get IPFIX from your Juniper hardware?

Read more »

For a 30 day Trial of Scrutinizer, Click Here to Download!

Join the NetFlow Developments group on LinkedIn.

A Network Behavior Baseline can help find a few problems as well as report plenty of false positives. Cisco is aware of this as well as the need for improved security methods.  Consequently, they have released several new technologies which include NetFlow v9 and Flexible NetFlow exports.  This blog outlines a few of the recent ones we’ve seen released this year.

Read more »

For a 30 day Trial of Scrutinizer, Click Here to Download!

Join the NetFlow Developments group on LinkedIn.

Capturing WoW traffic with NetFlow

This is a question I get asked a lot. How can I tell if my employees are gaming during company hours?  I’m going to explain how you can use NetFlow to determine if there is World of Warcraft traffic on your network. With over 12 million subscribers I figured network administrators would find this information useful.

Read more »