What’s your favorite color? Chances are that your favorite color is not the same as mine. When you use Windows, are you a fan of the old classic view, or do you go for the new Windows look?

We have all been talking about Plixer’s NetFlow analyzer, and how it provides the best in traffic analysis, with its ability to support Flexible NetFlow, NBAR, and Cisco ASA NSEL. But did you know that as a Scrutinizer user, you have different options when it comes to how you want our NetFlow and sFlow Traffic Analysis Tool to look?

Currently there are 5 different skin types available to select from. They are configurable on a per user basis. So if you are in a dark kind of mood, you can change to a dark skin with either green or yellow text.

Read more »

Yes, you can use NetFlow to monitor traffic and bandwidth usage on an ASA.

One of the primary uses for NetFlow on a Cisco ASA is as a transport protocol for security events. But if you are using the right NetFlow Analysis tool, you can also analyze traffic using NetFlow sent from the Cisco ASA.

This is really important as I have seen many companies that have remote sites that are connected with a Cisco ASA, but had no devices behind the ASA’s that supported NetFlow. This meant that they couldn’t leverage NetFlow to analyze traffic.

Read more »

Have you heard about exporting egress NetFlow? Do you want to know why it is different from ingress NetFlow or more importantly, when to implement it for network traffic monitoring? I’ll cover this topic in today’s blog. Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter

A few months ago Nathan invited us to take a deeper look at NSEL. NSEL is the NetFlow exported from an ASA Firewall. He showed us how to enable and configure ASA for NetFlow.

Traditional NetFlow records upstream and downstream traffic between two end points as two different flows. In the case of an ASA device, most bidirectional flows are already assembled internally and are considered a single flow. So the flow records reported by NetFlow on an ASA Firewall will describe both directions of the flow.

Today I am going to do brief overview of what each of the templates is telling us.

Read more »

If you missed the NetFlow training webinars Plixer offered over the last three days, then feel free to watch the recording we made of Thursday’s presentation. The webinar, which covered Cisco ASA and NBAR NetFlow reporting, was presented by Scrutinizer NetFlow & sFlow Analyzer Product Manager, Michael Patterson.

As always, keep an eye out for emails from Plixer for future webinar invitations. We also try to post many of these signups on our blog. Thanks for watching!

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter

Join one of our upcoming webinars on Cisco ASA and NBAR NetFlow Reporting. Agenda - Cisco NetFlow: Intro and how to report on it. - Cisco ASA NetFlow exports and how to interpret the data. - Cisco NBAR reporting for layer 7 application reports (e.g. who is using: Skype, kazaa2, RTP, etc.). Register for one of the times below » Tuesday, Dec. 15 @ 11am EST » Wednesday, Dec. 16 @ 9am EST » Thursday, Dec. 17 @ 1pm EST

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter

Last week I blogged on Upgrading to Scrutinizer v7.2 NetFlow & sFlow Analyzer.

We have had such an overwhelming response from both existing and potential customers for this version of our network monitoring application that we are now sending the upgrade instructions to customers to allow them to upgrade at their leisure.

It has been very well received, as it now allows customers to schedule their upgrade to non-business hours if necessary. Also, for customers with secure servers without Internet access and unable to allow us to use remote access software (we use GoToMeeting), they can now perform the upgrade on their own and enjoy the new features of Scrutinizer.
Read more »

Apparently the Cisco ASA is becoming a popular appliance for securing today’s businesses from the uglies that plague the Internet.  More specifically, the ASA running v8.2.1 or newer exports Flexible NetFlow (a variant of NetFlow v9). Why is this so cool?

The Key Advantages of using Flexible NetFlow on Routers:

A) User configurable ability to monitor a wider range of packet information which produces new information about network behavior: In other words, we can specify exactly what we want.  This is useful if you are trouble shooting and looking for very specific information that isn’t exported in traditional NetFlow (e.g. MAC addresses, VLAN IDs, NBAR, etc.).

B) Enhanced network anomaly and security detection: Basically, Flexible NetFlow can monitor more deeply inside packets.  What could these mean to the market for NBAD solutions?

C) Convergence of multiple accounting technologies into a single mechanism: This is basically reinforcing the above feature of collecting on any specific information but, using it for different purposes.  For example, maybe the NetFlow volume is so high that you have to use sampling.  This could throw a wrench into your accounting and billing plans as they likely won’t be accurate without 100% traditional NetFlow capture. Flexible NetFlow allows you to have a sampling export as well as other exports specific to traffic type (e.g. IP subnet) occurring simultaneously.

Read more »

Late last week, we announced the version 7.2 release of Scrutinizer NetFlow & sFlow Analyzer, which includes data migration from Scrutinizer v6.

If you’re currently running version 7 of Plixer’s NetFlow analysis tool, then moving to v7.2 is a simple incremental upgrade.

However, for those customers who have been waiting anxiously to upgrade from version 6.x to v7, this is a major release and we want to make sure that using this network monitoring tool remains as pleasant an experience as ever.

For that reason, among others, we are assisting with the upgrades from Scrutinizer v6.x to v7.2 in these first few weeks of this release. And so far, it has been a relatively seamless process with delighted customers as a result.

Read more »

If you are running Scrutinizer v7.01, the Cisco ASA interfaces don’t show up in the Status tab yet. It was a philosophical decision. Here’s why:

The ASA running v8.2.1 exports bidirectional NetFlow!  This is unlike anything else we’ve seen.  In nearly all NetFlow exports v5, v9, IPFIX etc. flows are exported in one direction (i.e. A -> B and then a separate flow for B -> A).   This is true for ingress or egress NetFlow. For Example: lets say A -> B creates a flow of 200KB.  Then in return:  B -> A causes a 2nd flow of 40KB. Well, the developers of the ASA decided to be unique and add the two flows together and export A -> B 240KB!!!!  The two added to each other is called a bidirectional flow.

Because of this, when we calculate the percent utilization using NetFlow (i.e. not SNMP) by adding the total flows together we overstate InBound/OutBound utilization in the Status tab. We are talking with Cisco about this unconventional export method. We have no definitive news yet.

NOTE: The ASA also doesn’t support an Active Timeout causing huge spikes in the graphs and thus making network traffic analysis kind of tricky when traffic that occurred over several minutes shows up in a single minute!

If you are seeing some screwy results with ASA and NSEL, the above is why. Anyway, everyone can blame Mike for not sticking the data in the Status tab!

Here is a pic of our  ASA:

Need help configuring NetFlow export from the ASA?  You can also setup NetFlow exports up using Cisco ASDM. Make sure you have watched the Cisco ASA and NetFlow training video.

____________________________________
Jim Dougherty aka "Jimmy D"
Lead PreSales Support Engineer and
Netflow Evangelist for Plixer International!

Follow me on Twitter
http://twitter.com/jimmydnet
____________________________________