What’s all the talk about NBAR?

Posted in NetFlow, Network Traffic Analysis, Scrutinizer on November 20th, 2009 by nathanh

With the release of Scrutinizer v7.3, we’ve been advertising support for a couple of new filters that focus on NBAR reporting. HURRAY!

But in case you don’t know exactly what NBAR is or why it’s so very cool, let’s take a step back and look at what it does for us:

Read more »


How to define applications using Cisco NetFlow or Inmon sFlow

Posted in General, NetFlow, Scrutinizer on April 4th, 2009 by mike@plixer.com

Here is a question that often gets asked regarding defining applications in Scrutinizer v6.X. In order to follow this discussion, you need to understand that every packet has a source and destination port.

Q: If I have tcp/5678 as the socket on one side of the flow, and tcp/1234 on the other… How do I tell Scrutinizer that I’m interested in the fact that it’s tcp/5678 and I don’t really care about tcp/1234?

To answer this question, it is best to explain how Scrutinizer v6 and v7 each deal with the issue.

Scrutinizer v6.X:
The collector will look at both ports (5678, 1234) and perform the following logic:
- Which port is lower? 1234! Is it labeled (e.g. http)?
  - Yes: save it as the common port (1234).
  - No: is 5678 labeled?
    - Yes: save it as the common port (5678).
    - No: save 1234 as the common port.
- Note: if both were labeled, it would have gone with the lower port.

Does the above make it clear? Basically, you have to remove the label on port 1234 to force Scrutinizer to use 5678.

Scrutinizer v7.0:
The collector will use more logic. The steps above are still used, but we added a nice feature. Let’s say you want a certain range of ports matched up with a range of IP addresses to be labeled as an application (e.g. Citrix). You can do this as well. Basically, 5678 may not be saved as the common port, but it will be saved as an application because either the source or destination IP address was identified as part of an application.

There is a screen capture of the v7 interface in the “Sneak peak of Scrutinizer v7” blog post. Scroll down to the section on “Define Application Groups”.

Does this help? How can we improve it for your company?

Michael Patterson
Scrutinizer Product Manager
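
The port-selection rule from the post above, as an added Python sketch; it is not code from Scrutinizer or Plixer. The function names, the label table, the addresses and the "Citrix" group definition are constructed for illustration, and the v7 match assumes the IP range and port range are checked against the same endpoint of the flow.

```python
import ipaddress

def common_port(port_a, port_b, labels):
    """v6 rule as described in the post: use the lower port if it is labeled,
    otherwise the higher port if it is labeled, otherwise the lower port."""
    low, high = sorted((port_a, port_b))
    if low in labels:
        return low   # also covers "both labeled": the lower port wins
    if high in labels:
        return high
    return low

def match_application(src, dst, app_groups):
    """v7 addition: name of the first application group whose IP range and
    port range both match one endpoint. src and dst are (ip, port) tuples.
    Pairing IP and port on the same endpoint is an assumption of this sketch."""
    for name, network, ports in app_groups:
        net = ipaddress.ip_network(network)
        for ip, port in (src, dst):
            if ipaddress.ip_address(ip) in net and port in ports:
                return name
    return None

def classify(src, dst, labels, app_groups):
    """The v6 steps still run in v7; the application label is saved alongside."""
    return {
        "common_port": common_port(src[1], dst[1], labels),
        "application": match_application(src, dst, app_groups),
    }

# Constructed sample data, not taken from a real deployment.
LABELS_BOTH = {1234: "svc-low", 5678: "svc-high"}
LABELS_HIGH_ONLY = {5678: "svc-high"}   # label on 1234 removed
APP_GROUPS = [("Citrix", "10.1.1.0/24", range(5000, 6000))]
SRC = ("192.168.5.20", 1234)
DST = ("10.1.1.15", 5678)

if __name__ == "__main__":
    print(classify(SRC, DST, LABELS_BOTH, APP_GROUPS))
    print(classify(SRC, DST, LABELS_HIGH_ONLY, APP_GROUPS))
    print(classify(SRC, DST, {}, []))
```

With both ports labeled the flow is filed under 1234 yet still reported as the application, which is the v7 behaviour the post describes; removing the label on 1234 is what moves the common port to 5678.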

How Cisco NetFlow and Scrutinizer Flow Analytics help track unwanted network applications

Posted in General, Scrutinizer, Security on March 3rd, 2009 by Jo-G

Cisco NetFlow and Flow Analytics, an add-on for Scrutinizer NetFlow Analyzer, can help track unwanted applications on your network.

Using the updated Top Applications algorithm and gadget available in Flow Analytics v2, you can see at a glance all unwanted applications. If an application is not in your “allowed list”, it will be highlighted in yellow.
Read more »
