How to Configure Cisco 6500 Sup2T NetFlow

Posted in Cisco NetFlow, Flexible NetFlow on May 1st, 2013 by Paul

In this blog I will be discussing how to configure Cisco 6500 Sup2T NetFlow. The Cisco 6500 Supervisor Engine 2T exports Flexible NetFlow, so your old Cisco 6509 NetFlow configuration will no longer be compatible with this setup.

Paul

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!


Cisco ASA Cyber Threat Defense: Part 2

Posted in advanced persistent threats, ASA, cisco ASA, Cisco NetFlow, cyber crime, denial of service attack, internet security, internet threat, threat detection on April 17th, 2013 by Jimmy W

The Cisco ASA is a great tool for Cyber Threat Defense. In part one of this blog I described the 3 components of Cisco’s threat defense solution. In this half I will be showing you some more benefits of the solution, and how it can be used in correlation with other technologies to give you end-to-end visibility in your network.


Jimmy Wendler


NetFlow V9 Overview: Cisco routers that support NetFlow

Posted in Cisco NetFlow, NetFlow, netflow support, Netflow Traffic Analysis on April 10th, 2013 by Scottr

In Part 6 of our NetFlow V9 overview series, I will be talking about the Cisco routers that support NetFlow and the IOS releases that you need to have deployed to get NetFlow configured.

In this blog series we have seen how the NetFlow packets are delivered to the collector and what is contained within each packet. Now let’s take a look at the devices that we can export flows from. While the focus has been on Cisco devices, many new vendors have come on board with new template exports using NetFlow v9 or IPFIX that drastically enhance what was seen with NetFlow v5.

Here is a list of some Cisco devices that support NetFlow and whether they can be configured with traditional, Flexible NetFlow, or both.


Scott Robertson
Sr. Solutions Engineer


Cisco ASA NetFlow flow-export active-refresh interval Problems

Posted in Cisco Advanced Reporting, cisco ASA, Cisco NetFlow on March 20th, 2013 by Paul

Did you recently upgrade your Cisco ASA and run into flow-export active refresh-interval problems? If you were starting to appreciate the numerous NetFlow Security Event Logging (NSEL) enhancements available in the Cisco ASA 8.4(5) NetFlow export, you may be left disappointed after upgrading the ASA to version 8.5(1), 8.6(1), 8.7(1), 9.0(1), or 9.1(1). What happened?


Paul


Cisco Catalyst 3850 Netflow Support

Posted in Cisco NetFlow, General, netflow monitoring, Network traffic monitoring on March 13th, 2013 by Jake

We have added Cisco Catalyst 3850 Netflow support to the current release of Scrutinizer, NetFlow and sFlow Analyzer. This switch is no Catalyst 3750 as it offers both wired and wireless as well as native Netflow support without a 3KX module. The switch can enable multi-level QoS based on granular information such as SSID, client, radio, application and fair share policies for wireless, while Scrutinizer performs network traffic monitoring on all of these parameters for details.


Cisco ASA Cyber Threat Defense: Part 1

Posted in ASA, Cisco NetFlow, cyber crime, detect network threats, detecting malware, internet security, internet threat, ip host reputation, netflow and ipfix, NetFlow Security, network security, network threat detection, NSEL, threat detection on March 6th, 2013 by Jimmy W

The Cisco ASA Cyber Threat Defense solution is made up of 3 components. The first is a basic network threat detection tool and is enabled by default on all ASAs with 8.0(2) or later firmware. Basic threat detection monitors the rate at which packets are dropped by the ASA device. Because it is just monitoring for dropped packets across the whole appliance, the information is typically not enough to provide information about the source or nature of a malicious threat, but it could be a sign that some sort of nefarious activity is occurring and can be very useful for internet threat defense when exported to a logging tool using NSEL or syslogs.

Jimmy Wendler


NetFlow Overview: What is a NetFlow Data Flowset?

Posted in Cisco NetFlow, Network Traffic Analysis on February 27th, 2013 by Scottr

In Part 4 of our NetFlow Overview series, I will be discussing the NetFlow Data Flowset.  In Part 3 Joanne discussed the NetFlow Packet Template FlowSet and what is contained within. The templates tell the collector what information is being exported by the device. The Data FlowSet records contain values which correspond exactly to the definitions in the corresponding template. Without the template information the collector would just throw the records away.

Early NetFlow versions all have fixed formats which cannot be changed or added to. So no new or optional information can be exported by these formats (e.g., these can’t export IPv6 or any new metrics such as jitter and packet loss or application definitions). In NetFlow version 9 and IPFIX the template mechanism is flexible and expandable: the exporter simply sends a template containing the new fields, which tells the collector exactly what information the device will be exporting.


Scott Robertson
Sr. Solutions Engineer


Cisco ASA NetFlow Problems

Posted in ASA, cisco ASA, Cisco NetFlow on January 30th, 2013 by Jimmy W

Although the Cisco ASA NetFlow exports have had some problems in the past, Cisco was the first vendor to export flows from a firewall, so a few issues out of the gate are almost expected. Despite a few enigmas, it was still great to have and certainly better than nothing. In order to optimize the network for speed and reliability, IT professionals are always looking for more visibility into traffic. Therefore more information exported via NetFlow is always better.

Jimmy Wendler


Exporting NetFlow or IPFIX

Posted in cisco ASA, Cisco NetFlow, IPFIX on December 30th, 2012 by mike@plixer.com

Is your engineering team trying to decide if you should be exporting NetFlow or IPFIX? This is the area of the technology where many first time vendors make mistakes. Implementing NetFlow or IPFIX is not difficult. But when programmers rely solely on RFCs as an implementation resource, the result is usually an export that many flow reporting vendors won’t support.  For this reason, this blog is largely dedicated to engineers who either want to export these technologies correctly or who need to troubleshoot what is wrong with an export they have been asked to look at.


Michael Patterson
Founder and CEO


NetFlow Generators: Enabling NetFlow Without NetFlow Support (Part #1)

Posted in application aware netflow, Cisco NetFlow, IPFIX, netflow probe, network security, network threat detection on November 27th, 2012 by Adam Powers

Introducing NetFlow and IPFIX

This article covers the benefits and capabilities provided by a new class of network monitoring technology called a NetFlow generator. But before we get too far into NetFlow generation details, let’s do a quick review of NetFlow itself for those that are new to the topic.

NetFlow and IPFIX are network monitoring technologies providing deep visibility into network traffic. NetFlow was originally developed by Cisco and later standardized into IPFIX by RFC 5101. Traditionally, NetFlow was included as a feature of routers, switches, firewalls, and other network devices. It’s even found in virtualization platforms such as VMware’s vSphere 5.0 and above. Any device that can generate NetFlow packets is called an exporter. As packets travel through the exporter, the device records information about the flow of traffic. Data elements such as packet count, source and destination IP, MAC address, and much more are stored in a memory-resident data structure within the exporter called a cache. As the flows time out they are placed into a UDP datagram and sent across the network to a NetFlow Collector. The diagram below illustrates the process.

How NetFlow works

Once enabled, NetFlow is used for a variety of network operations and security tasks including:


Adam Powers
@adampowers22
