Defrag your hard drive!

As mentioned in Scott’s blog,  “Getting the most from your NetFlow and sFlow Analysis Tool“, disk fragmentation can be the primary cause for slow performance in running NetFlow reports.

Due to the large volume of data stored when collecting NetFlow packets, disk I/O may already be pushed to the limits on your server.  Add to that a highly fragmented disk drive and you might as well go hang out at the water cooler while you wait for your report to run.

Here’s an example of an extremely fragmented disk:

As Scott mentioned in his blog, “With hard drives, blue is a good thing, red is bad. Ideally we would want to see mostly blue and white.”

But, on the other hand,  if you don’t have anything better to do with your time, if using Scrutinizer has so streamlined your network monitoring that you need to slow your day down a bit, then please, leave your disk fully fragmented and take a break!

Otherwise, if you prefer your Netflow reporting to complete in your lifetime, then defrag!

And in the spare time that you now have to kill, you can monitor excessive Facebook traffic and other odd traffic patterns on your network, or read our blogs to learn how to enable Flexible NetFlow, or give us a call to find out what else our NetFlow solution can do for you.

- Joanne

If you are seeking a good understanding of NetFlow, or a better understanding of how it can be enabled, configured, and analyzed, the “Commercial NetFlow Applications” chapter from the book Digital Forensics for Network, Internet, and Cloud Computing can be a great resource.  Written by Mike Patterson of Plixer International, Inc., the chapter details NetFlow and explains how you can capitalize on its utilization. Read more »

Our NetFlow and sFlow Analyzer receives  data collected over a 1 minute time interval  per flow, and can store up to 100 000 conversations (flows) per device. One limitation in NetFlow monitoring today is the amount of disk space needed to store the collected network traffic information. Especially, if one’s intent is to hold on to that information  for a certain period of time. In this blog I will try to help you understand how Scrutinizer archives data. In addition I will talk about the NetFlow Calculator, which can be a helpful tool for estimating the disk space needed on your NetFlow analyzer server. Read more »

Daniel Senga
Tech Support
Follow me on Twitter

Such a dilemma, when it comes to Autonomous System NetFlow exports, which do you prefer: peer-as or origin-as?  If you don’t care about Autonomous System reports, you still just might find this post interesting.  I’ll try to keep you captivated!

Autonomous System
First of all, what is an Autonomous System? Within the Internet, an Autonomous System (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet. A single ISP can support multiple Autonomous Systems Numbers (ASN). The ASNs supported by the ISP are advertised via their Internet router using the BGP Protocol. So what is BGP?

Read more »

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter

One of the things that sets our NetFlow and sFlow analysis tool apart from our competitors is the dynamic reporting options that exist within our reporting engine.

I had a customer the other day show me how he was using Scrutinizer to catch DNS pirates.

Let’s take a look at how he setup the report filter to do this.

Read more »

If you’re a faithful follower of our blogs, then you are familiar with the “samplicator” described in Michael Patterson’s “Free NetFlow Forwarder or NetFlow Duplicator” blog from May 29th, 2010.

If you’re not familiar with this NetFlow Forwarder application and you have the need for exporting NetFlow packets to multiple (unlimited!) collectors, then you must read his blog.

With switches or routers that do not support NetFlow export to more than one NetFlow collector, or if you have the need to export to more than the typical two collectors, the samplicator is an ideal solution.

Configuration is quick and easy and, if using the config file to list source (exporters) and destinations (collectors), extremely scalable.

Read more »

This is part 3 of a 3 part series.  Part 1 and part 2 covered other topics.  In the third NetFlow lab we studied the traffic from a VoIP connection.   

Read more »

Michael Patterson
Scrutinizer Product Manager

We want to work in more Cisco BGP reporting in Scrutinizer NetFlow Analyzer and I need some help.  I need some NetFlow packet captures with BGP information. Can you send me one?

Read more »

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter

Over  the last few weeks I have taken a number of support calls from customers who were looking for some assistance configuring their Cisco ASA. So I figured that I would take this opportunity to revisit some older blog subjects.

In my opinion, the easiest way to get NSEL exporting from these security appliances is through the use of the ASDM interface. This simple, GUI-based firewall management tool allows you to quickly configure the Cisco ASA without having to use the cumbersome command-line interface.

And that brings me to the subject of this blog.

Configuring the Cisco ASA using the CLI is really not that much different that configuring NetFlow on any other router or switch. You define your timeout value, flow export destination, and which interface is going to send the export. The difference is that you need to set up a service policy, and access rules that allow the export. As well as define which events are going to get exported and where.

So let’s get started.

Read more »

This is part 2 of a 3 part series.  Part 1 can be found here. In the second NetFlow lab we did a HTTP Comparison using my web browser and going to a common web site.  I wanted to see what kind of traffic occured when I visited the front page of llbean.com without clicking on anything.  How many packets were transfered and how many flows were created? 

Read more »

Michael Patterson
Scrutinizer Product Manager