Getting the most from your NetFlow and sFlow Analysis Tool

Posted in Scrutinizer on March 5th, 2010 by scottr

At Plixer International’s Technical Support desk we often take calls in support of our NetFlow and sFlow analysis tool that deal with disk space and disk performance issues. In the world of NetFlow and sFlow collector appliances, the name of the game is to have sufficient available disk space and minimize disk I/O.

A New look for your Network Analysis Tool

Posted in NetFlow, NetFlow Analyzer, Scrutinizer on February 19th, 2010 by scottr

What’s your favorite color? Chances are that your favorite color is not the same as mine. When you use Windows, are you a fan of the old classic view, or do you go for the new Windows look?

We have all been talking about Plixer’s NetFlow analyzer, and how it provides the best in traffic analysis, with its ability to support Flexible NetFlow, NBAR, and Cisco ASA NSEL. But did you know that as a Scrutinizer user, you have different options when it comes to how you want our NetFlow and sFlow Traffic Analysis Tool to look?

Currently there are 5 different skin types available to select from. They are configurable on a per user basis. So if you are in a dark kind of mood, you can change to a dark skin with either green or yellow text.

Network Traffic Analysis through a Cisco ASA with NetFlow

Posted in ASA, Network Traffic Analysis, Scrutinizer on February 5th, 2010 by scottr

Yes, you can use NetFlow to monitor traffic and bandwidth usage on an ASA.

One of the primary uses for NetFlow on a Cisco ASA is as a transport protocol for security events. But if you are using the right NetFlow Analysis tool, you can also analyze traffic using NetFlow sent from the Cisco ASA.

This is really important, as I have seen many companies that have remote sites that are connected with a Cisco ASA, but had no devices behind the ASAs that supported NetFlow. This meant that they couldn’t leverage NetFlow to analyze traffic.

What is NSEL? A Deeper Look – Part 2

Posted in ASA, NetFlow, NetFlow Analyzer, Scrutinizer on January 22nd, 2010 by scottr

A few months ago Nathan invited us to take a deeper look at NSEL. NSEL is the NetFlow exported from an ASA Firewall. He showed us how to enable and configure ASA for NetFlow.

Traditional NetFlow records upstream and downstream traffic between two end points as two different flows. In the case of an ASA device, most bidirectional flows are already assembled internally and are considered a single flow. So the flow records reported by NetFlow on an ASA Firewall will describe both directions of the flow.

Today I am going to do a brief overview of what each of the templates is telling us.

Using NetFlow to see user defined Application Groups in Scrutinizer

Posted in NetFlow, NetFlow Analyzer, Scrutinizer on January 4th, 2010 by scottr

Since the release of the latest version of our NetFlow and sFlow analysis tool, I have been blogging about some of the new features that are available.

One of the new report features available gives you the ability to filter on conversations and show user defined applications that were involved in those conversations.

Cisco Nexus Series 7000 NX-OS and NetFlow

Posted in NetFlow on December 21st, 2009 by scottr

I took a call the other day from a customer who asked, “How do I set up my router to send NetFlow to Scrutinizer?” This is a question that I get on a pretty regular basis, so I strapped on my router config hat and got ready to throw out the typical IP FLOW commands to get the flows going. But then I asked for the model of the router. “It’s a Cisco Nexus 7000,” the customer told me. I found that this device does not run the usual IOS that we have all come to know and love. It runs Cisco’s NX-OS. And Cisco’s NX-OS CLI is completely different.

Cisco NX-OS supports a flexible architecture that allows a user to collect different data for different applications per interface. It allows you to define an optimal flow record for a particular application by selecting the keys from a large collection of predefined fields, whereas the Cisco IOS Software supports one flow mask and export pair for the entire chassis.

Scrutinizer v7.3 – Flow Analytics – Top Flows

Posted in Scrutinizer on December 14th, 2009 by scottr

A couple of weeks ago I began a series of blogs that introduced you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.

Today I will be introducing you to the fourth of the new analytic tools now available with Scrutinizer v7.3. The Top Flows algorithm utilizes Flow Analytics – Top Flows, and checks to see if hosts involved with large numbers of flows have a large percentage of flows that are incomplete. This is determined by looking at the TCP flags field in each flow record.

If it is a TCP flow record and it does not have the FIN flag set, it could indicate a host that is not able to make a full connection to the host it is trying to reach. This is typical for things like port scans and even P2P applications. Another possibility is that a host just has a misconfigured application that needs to be addressed.

Scrutinizer v7.3 – Flow Analytics – Breach Attempt Violation

Posted in NetFlow, Scrutinizer on December 7th, 2009 by scottr

Well it looks like our run of nice weather has ended here in Southern Maine. Saturday we had our first snow of the year. It was kind of a nice touch to be at a holiday party and have the snow falling outside. And then to wake up Sunday morning to find that the view outside your window is like that of a Currier and Ives winter print.

A couple of weeks ago I began a series of blogs that introduces you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.

Today I will be introducing you to the third of the four new analytic tools now available with Scrutinizer v7.3. The Breach Attempt Violation looks for many small flows from one source to one destination. This can indicate things such as a “brute force” or “dictionary” attack. 

Scrutinizer v7.3 – Flow Analytics – DNS Hits

Posted in Scrutinizer on November 30th, 2009 by scottr

Let me start by saying, I hope that everyone had a great Thanksgiving. At our house, we fried two turkeys this year. It was the first time that we attempted this, and after reading all the warnings that came with the new fryer, I guess the fact that no one got hurt means that the holiday was a success.

Last week I began a series of blogs that introduce you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.

Scrutinizer v7.3 – Flow Analytics – Nefarious Activity

Posted in NetFlow, NetFlow Analyzer, Scrutinizer on November 23rd, 2009 by scottr

With the release of Scrutinizer v7.2 last month we offered an upgrade/migration path for those customers running Scrutinizer v6. I have had some customers ask, “Why should we upgrade?” or “What will we gain from Scrutinizer v7 that we don’t have now?”

The updated release of Plixer’s network traffic analyzer last week made the answer to that question very clear.
