NetFlow trends seem understated – Why?

Posted in NetFlow Analyzer on June 18th, 2010 by nathanh

We have reached the end of another Friday. First! A special shout out to all the Dads out there. I hope you all have a great weekend of pampering and special treatment.

I decided to write on this subject since the above question does seem to be coming up more and more. So let’s take a moment and discuss how NetFlow works.

NetFlow is quickly becoming the technology of choice when monitoring network performance. One of the coolest things about it is the ability to see granular data on a minute by minute basis. Knowing exactly what happened at 12:13PM yesterday afternoon is just cool.

Since people prefer that granular data, all our math is based on the router exporting flow every minute. So with every minute that goes by, Scrutinizer is populating tables with this 1 minute data. But here is where database management becomes critical…

Read more »


Would you like to have some traffic visibility on your Fortinet firewall?

Posted in sFlow on June 4th, 2010 by nathanh

When you work in the field that I do, sometimes you celebrate events that leave other people scratching their heads wondering what the hype is all about.

A customer of mine and I were recently having a discussion on various devices that supported NetFlow. His Fortinet firewall became part of the discussion, and at the time, I didn’t think it supported any kind of flow export. However, after finishing the conversation and hanging up the phone, he sent me an e-mail with a nice link documenting sFlow configs for the Fortinet firewall. (Special shout out to Steve for the link)

With the release of FortiOS 4.0MR2, you now have the option of enabling sFlow to monitor your traffic stream. If you’d like to know more about sFlow, please refer to the in-depth blog entitled:

“What is sFlow? How do I understand it?”.

To set up sFlow:

Read more »


Ireland: You should go.

Posted in General on May 21st, 2010 by nathanh

After getting back from Paris, France last year (which was my first international trip), I decided that I would do Rick Steves’ job for half the price. I absolutely loved the experience and envy anyone that could travel on a regular basis. I made a personal promise that my next trip was going to be to Ireland. I’ve always wanted to go, so dangit, I was going to go.

Well, I just got back from my trip two weeks ago today and it was really an experience for the books. Between belching volcanoes, airlines losing my bags and Irishmen doing covers of Pearl Jam, it was fantastic-ness in epic proportions.

If you ever wanted to go, do it. Here’s a couple suggestions from me:

The Guinness brewery tour is really fun to check out. Be sure to start your tour in the morning when they open, that way you can already be two (free!) beers into your day by 11am. Don’t judge me, I was on vacation.

Read more »


NetFlow and Scrutinizer – An Overview

Posted in NetFlow Analyzer on April 23rd, 2010 by nathanh

Over the past couple months, I’ve posted a series of blogs that help highlight some of Scrutinizer’s best features, its strengths and weaknesses and why it might be worth your time in evaluating.

I’d like to devote this blog to the effort of making an easy to read article that might assist you in making an informed decision about the many network monitoring tools available. Let us know if you have any questions.

Read more »


The NetFlow Challenge – Which NetFlow Traffic Analyzer is right for you?

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis on April 9th, 2010 by nathanh

Maybe it’s because I’ve always been a “support guy”. Maybe it’s because I’ve never been to a “How to be an effective salesman” seminar. I know that I’m not an exemplary seller.

I remember once working at an electronic retail store when I was 17. There was this lady coming in and looking at the cutting edge 900MHz cordless phones that had just come out. The lady was looking at this specific Sony model and the phone was on sale for $79.99.

She was contemplating the purchase, when my conscience got the best of me:

Read more »


NetFlow Data: Is there such a thing as too much?

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis on March 26th, 2010 by nathanh

I love Chinese food. I eat at our local Chinese restaurant probably once every two weeks. As I scan the menu, I always crack up at the kids section of the menu. For here I am, contemplating which Lo Mein deliciousness I want and then my eye catches the word ‘cheeseburger‘.

I always kind of chuckle at that: “Who really orders a cheeseburger at a Chinese joint?!”

But when I think about it, they must have had a reason to post burgers, mac and cheese and hot dogs on the menu…

See, when you get that craving for a Pu Pu platter and a Scorpion bowl, there’s probably a good chance that your kids won’t appreciate your selection. So to appease the children, let’s get them something they will end up eating.

Here’s my point.

Read more »


What makes Scrutinizer unique from other NetFlow Collectors?

Posted in Network Traffic Monitor on February 26th, 2010 by nathanh

I don’t remember where we saw it, but there was a report that stated there were 102 unique vendors that released a NetFlow tool in 2008.

I don’t know how accurate that is, but I can definitely confirm that if you go to Google.com and search the key word NetFlow, you’re going to get a LONGGGGGGGG list.

So with a plethora of options and little time to evaluate, what does Scrutinizer offer that might make it worth…scrutinizing? (Sorry, couldn’t help it)

Here are five compelling reasons to take a look at my product:

Read more »


Everything you didn’t want to know about Bidirectional and Unidirectional NetFlow

Posted in ASA on February 12th, 2010 by nathanh

Hi there all! Another week is coming to a close and I hope it’s been a good one. With the Cisco ASA being the hot topic for the past couple months, I wanted to share this blog with you.

This is a very important topic, since this will help you understand how the ASA reports conversations differently from other switch/router counterparts. Let’s take a look:

Unidirectional NetFlow:

Traditionally, NetFlow is a unidirectional technology. As an example, when host A sends traffic to host B, this will create a single flow. When host B replies, a second flow is created within the router cache. So using that example, conversation A –> B creates a flow of 500kb. The return reply from B –> A will create a separate flow of 75kb.

Unidirectional Flows

Bidirectional NetFlow:

As of today, I’ve only ever seen bidirectional flows from the Cisco ASA. To summarize though: instead of getting two flows as illustrated above, you will only get one flow from the host who initiated the conversation. However, within that one flow, you will have the correct total of traffic for the connection and reply. So take the conversation I used in the example of Unidirectional Flows: A –> B = 500kb, B –> A = 75kb

Since there is only one flow created, this one flow will present the total of 575kb, A –> B = 575kb, instead of breaking into two summaries.

This is a strange way of rendering a flow, if you want my opinion. I’m not sure why Cisco decided to implement this, since it makes it tougher to figure out the flow direction.

“So this 575kb conversation, is this from A –> B or is this B –> A?”

Regardless, we should be grateful to have a firewall exporting NetFlow in the first place and I’m sure everyone else feels the same way…

If you would like more information regarding the unique properties of the ASA, please give us a call and we’ll be happy to help.

Nate


Enter the Matrix: What did you miss?

Posted in Scrutinizer on January 29th, 2010 by nathanh

Hi there everyone! I hope you’ve had a productive week and I wish you all a fantastic weekend.

This week, we’ve had two successful webinars that highlighted some of the fun new features for Scrutinizer v7.5 and I’d like to make the replay available to everyone who wasn’t able to be in attendance.

So if you’d like to get the inside scoop on some of the new goodies like NBAR reporting, the new Matrix connections report and the Flow Expert toolset, take a seat, grab some popcorn and enjoy the movie.

Enter the Matrix

Oh, to take advantage of these new features, be sure to upgrade your copy of Scrutinizer to v7.5.

Here’s the link to the latest download: Scrutinizer v7.5 update

If there are any questions that come up during the webinar, please feel free to contact us and we’ll be happy to help.

(207) 324-8805

Nate


ASA NetFlow configurations. What should I know?

Posted in ASA on January 15th, 2010 by nathanh

Over the past couple months, the hot topic in the NetFlow world has definitely been the Cisco ASA. Since they can be found in networks both big and small, I feel like I’ve helped every network admin from here to Kalamazoo get one configured.

I was talking with someone today that was evaluating our NetFlow Analyzer and he was wanting to know how to see his ASA flows. I first wanted to make sure that he had configured it correctly, so I asked him:

“Did you find any documentation on getting the ASA configured?”

“Yeah, I found the configs on the Cisco website…”

Once he said that, it immediately came to mind that there might be a configuration adjustment that would need to be made when working with my collector. We logged into ASDM and sure enough, there was a small tweak we needed to make…

Read more »
