Scrutinizer v7.3 – Flow Analytics – Top Flows

Posted in Scrutinizer on December 14th, 2009 by scottr

A couple of weeks ago I began a series of blogs that introduced you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.

Today I will be introducing you to the fourth of the new analytic tools now available with Scrutinizer v7.3. The Flow Analytics – Top Flows algorithm checks to see if hosts involved with large numbers of flows have a large percentage of flows that are incomplete. This is determined by looking at the TCP flags field in each flow record.

If it is a TCP flow record and it does not have the FIN flag set, it could indicate a host that is not able to make a full connection to the host it is trying to reach. This is typical for things like port scans and even P2P applications. Another possibility is that a host just has a misconfigured application that needs to be addressed.


Scrutinizer v7.3 – Flow Analytics – Breach Attempt Violation

Posted in NetFlow, Scrutinizer on December 7th, 2009 by scottr

Well it looks like our run of nice weather has ended here in Southern Maine. Saturday we had our first snow of the year. It was kind of a nice touch to be at a holiday party and have the snow falling outside. And then to wake up Sunday morning to find that the view outside your window is like that of a Currier and Ives winter print.

A couple of weeks ago I began a series of blogs that introduces you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.

Today I will be introducing you to the third of the four new analytic tools now available with Scrutinizer v7.3. The Breach Attempt Violation looks for many small flows from one source to one destination. This can indicate things such as a “brute force” or “dictionary” attack. 


Scrutinizer v7.3 – Flow Analytics – DNS Hits

Posted in Scrutinizer on November 30th, 2009 by scottr

Let me start by saying, I hope that everyone had a great Thanksgiving. At our house, we fried two turkeys this year. It was the first time that we attempted this, and after reading all the warnings that came with the new fryer, I guess the fact that no one got hurt means that the holiday was a success.

Last week I began a series of blogs that introduce you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.


Scrutinizer v7.3 – Flow Analytics – Nefarious Activity

Posted in NetFlow, NetFlow Analyzer, Scrutinizer on November 23rd, 2009 by scottr

With the release of Scrutinizer v7.2 last month we offered an upgrade/migration path for those customers running Scrutinizer v6. I have had some customers ask, “Why should we upgrade?” or “What will we gain from Scrutinizer v7 that we don’t have now?”

The updated release of Plixer’s network traffic analyzer last week made the answer to that question very clear.
