What is Flow Analytics™ ?

Flow Analytics™ is a built-in module that a NetFlow analyzing tool uses to perform network behavior analysis. Flow Analytics™ can trigger alarms for such behaviors as worms, network scanning, and known compromised internet hosts. It can alarm you if any DoS attacks are happening. Once that happens it can identify repeat offenders and create a Unique Identifier (UI) to manage traffic counts. Flow Analytics™ can also identify your top applications, conversations, protocols, etc across dozens of routers and switches.

Flow Analytics™ allows you to store data for more than 24 hours. You can choose to save an infinite amount of Net Flow data history at every interval. So now you can go back and identify a problem that occurred 2 weeks ago on your network. Flow Analytics™ also allows for automated DNS resolution to help you quickly identify culprits on your network.

What makes Flow Analytics™ incredibly amazing is the ability to look at the NetFlow from multiple routers and switches simultaneously every 5 minutes. Potentially, you can configure hundreds of devices for each algorithm in Flow Analytics™. In this blog I will show you how to set up Flow Analytics™ and how to start configuring it. Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

We spent some time awhile back building some host baseline logic for a future Flow Analytics release. If you’re not familiar with the term “host baseline”, it is a history of an IP node’s historical traffic behavior. Items that go into this communication baseline are behaviors observed in a specified time frame.

Read more »

For a 30 day Trial of Scrutinizer, Click Here to Download!

Join the NetFlow Developments group on LinkedIn.

What a year so far!

You know the old saying “Time flies when you’re having fun”? Here at Plixer, our developers are so freakishly passionate about creating the NetFlow architecture of the future, the years seem to pass us by like a blur.

The hard work is really paying off! Not only were we the first company to receive Cisco certification within the Systems Management technology category but, we are proud to announce that last week we won the 2011 Golden Bridge Award for NetFlow innovations!These industry and peer awards from Golden Bridge are the world’s premier business recognition program. This award is a huge accomplishment for such a passionate group of employees. To top it all off, Cisco sent us Medianet T-Shirts!

With Cisco predicting by 2013 91% of all network traffic will be voice/video streams, we’ve been spending a significant amount of time focusing on the development of the many new Cisco Medianet performance monitoring reports. Scrutinizer v9.0 is just around the corner, it will be exciting to get feedback on all of the new reports we have built for Cisco Smart Logging and Telemetry, Cisco TrustSec, Performance Routing, Performance Monitoring and of course all of the new SonicWALL IPFIX support.

What is MediaNet?
Medianet is an intelligent end-to-end network that combines video technologies in the business, home and service provider networks. More than just higher bandwidth, it optimizes video and rich media traffic. Our solution was the first to report on the new metrics Cisco imbedded into Flexible NetFlow templates. Network traffic analysis with the advanced filtering in our NetFlow Management solution is further proof that our software provides the very best in NetFlow reporting. Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

What do IPv6 Day and Y2K have in common? I’ll break it down for you real simple: a lot of stuff happened, but most of us never noticed. Now, let me explain in detail…

Internet Protocol Version 6 (IPV6) is the newest technology that has everyone stirring for solutions to problems that hadn’t yet been fully realized. Not until IPv6 day, that is. As digital consumers, we need our information to be retrieved faster than ever, and all connectivity is expected to be warp speed. The current IPv4 exhaustion crisis is eerily similar to Y2K in that the eventual outcome was expected to go two different ways: either nothing will happen or complete Armageddon will ensue. But there’s also a fundamental difference: we’re not nearly as worked up about IPv4 exhaustion as we were about Y2K ahead of the fact.

Each IPV4-to-IPV6 and IPV6-to-IPV4 conversion adds an extra “hop” and requires a large amount of computing power to process information about who you are trying to talk to, and who you are known by on the other end. The coexistence of both protocols seems to be consistent with a family traveling on vacation; precious vacation time is wasted by the family (IPv4) driving to the airport, then transferring to a plane (IPv6), in an overall attempt to save time in the air. In the fastest scenario possible, you wouldn’t want to use two means of transportation, instead opting to use your private plane in the back yard (IPv6).

Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

Do you use NetFlow for your network traffic monitoring??

If you do, but don’t always see the data the way you need for optimal network traffic analysis, just let us know. Customizing the view of your NetFlow data is the key to getting the most from NetFlow reporting.
Read more »

Visit our website to download a 30 day trial of Scrutinizer.

Join the NetFlow Developments group on LinkedIn.

The other day my colleagues at the technical support desk and I were talking about different aspects of network analysis and an interesting question came up:

When you use a NetFlow collecting appliance, what function do you use more, the reporting or the behavior analysis function?

Between all of us, we couldn’t come up with a definitive answer.

At Plixer, we have designed our NetFlow and sFlow Analysis Tool to provide the best custom reporting engine on the market today, supporting leading edge technologies like the Cisco ASA, Flexible NetFlow, IPFIX, and NBAR. With a single mouse click you can select from over 20 predefined report filters. Anything from top hosts, applications, and conversations, to traffic volume and flow volume reports.

But it gets better!

We are soon to be releasing Scrutinizer v8. Version 8 includes a number of new report filters including a dashboard report that lets you see a number of different reports for an interface on a single view.

Scrutinizer with Flow Analytics is one of the few NetFlow and sFlow solutions that combines network traffic analysis with continuous network behavior monitoring.

The Flow Analytics function within Scrutinizer includes dozens of algorithms that detect malware such as botnets, worms, and other threats. It interrogates every flow from your exporting devices for suspicious traffic patterns and anomalies. All flows across selected flow sending devices are monitored at all times. While antivirus solutions help catch infections on computers, Flow Analytics looks for problems that are already underway (e.g. DDoS, network scans, nefarious activity, etc.) on the internal network.

The Flow Expert view on the MyView tab lets you see what’s going on across your network on a single dashboard view. The Threats Overview gadget shows you a count of the occurrences that have been found for each algorithm, and a click on the alarm takes you directly to the Alarm tab to view the details for that particular alert.

Since we are in the election season I figured that I would pass the question on to you.

 Loading ...

If you are looking for a new network traffic analysis tool, or have any questions about Scrutinizer, give me a call – (207)324-8805

-Scott

I was talking with our newly appointed Pre-Sales Support Specialist, Scott, the other day when we realized that we don’t have a NetFlow Glossary blog, so I wanted to take this opportunity to consolidate some resources and highlight some of the key NetFlow terminology that we find ourselves talking about on a daily basis.

NetFlow Terminology:

Bidirectional Flows
Flexible NetFlow
Ingress vs. Egress
Interface 0
ip-flow timeout active 1
IPFIX
ip route-cache flow vs. ip flow ingress
NBAR
NetFlow Collector and Analyzer
NetFlow Exporters
NetFlow Options Templates
NetFlow Probe
NetFlow Replicator
NetFlow v5 vs. v9
NSEL
sFlow

Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

The other day I took an interesting call from a customer who was concerned because he was suddenly seeing his flows per second count almost double. He had just upgraded his Scrutinizer NetFlow and sFlow traffic analysis application to the latest version and he thought that maybe something had changed to cause this to happen.

I assured him that nothing in the Scrutinizer upgrade would have caused him to see his flow count increase. And after talking with him, I learned that he had also just upgraded the IOS on his routers.

Were we looking at some kind of a ”perfect storm“ scenario?

Of course not!

Read more »

Hello all, today I’m going to tell you about one of my favorite features in Scrutinizer that helps aid in NetFlow traffic monitoring; the MyView dashboard.  The MyView page is a fully customizable dashboard that allows each user to have their own unique view of what’s happening on the network which allows administrators to be proactive instead of reactive.

Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

The following article, “Scrutinizer Brings Flow Analytics to SMBs“, written by David Diaz, was recently featured on TechCrunchIT.

David points out that with the low initial cost for Scrutinizer NetFlow & sFlow Analyzer, it is a very affordable Flow Analytics solution for small and medium-sized businesses.

This flow analysis tool can also be deployed centrally and accessed globally via the web interface.  What this means is that one install of Scrutinizer can provide network management information for your entire network and accessible by everyone on the network management team, regardless of geographical location.

Read more »