The few debates that have emerged over NetFlow Vs. sFlow often highlight why one technology is better than the other.  In this post, I would like to emphasize where the technologies are similar as well as where they should be implemented (i.e. one over the other). Certainly both have some merits but, one technology is definitely outpacing the other. Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

IT professionals have been looking for better ways to monitor and store firewall logs for years. Properly handled, firewall events can give insight into APTs, DoS attacks, firewall rule planning and misconfigurations, policy violations, and much more. To date, Syslog has been the go-to mechanism for access to firewall log info. It’s universally supported by the firewall community, easy to understand, and it’s quick to implement on both the firewall as well as the syslog analyzer.

Unfortunately syslog is resource intensive on both the firewall and the log analyzer. It’s largely unstructured, requires string pattern matching, and the exact format and fields vary from one firewall to the next. How often do you turn on full “Accept” and “Deny” logging for every rule? Sure you can and yes it’s valuable but the amount of syslog created is tremendous.

Enter NetFlow and IPFIX…

Read more »

Just announced, Barracuda IPFIX support is now available on their firewall. We are in the process of checking out this new export to see if we need to add templates to our IPFIX reporting engine. Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

As we approach the end of 2011, I’d like to take this time to recap some major advances in NetFlow & IPFIX reporting.

Several notable NetFlow developments for 2011 from Cisco Networks are:

• Medianet Network Performance Monitoring
• Cisco TrustSec (CTS) NetFlow support
• Cisco Smart Logging and Telemetry (SLT)

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

The need to monitor mobile phone network traffic is rising in today’s work place environment because of non-work related activity using up valuable bandwidth. With today’s, “I’ve got an app for that” craze we need a way to determine how mobile phones are impacting network bandwidth usage. Did you know that between Apple and Android’s app stores there are over 650,000 downloadable apps? Do you have the necessary tools to monitor how mobile traffic is impacting your network?

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

I personnally believe NetFlow v9 and now IPFIX are two of the greatest, if not the greatest, revolution in network traffic monitoring. It makes a substantial amount of usefull traffic information available to the network administrator. However,  to truly take advantage of  NetFlow, a software with powerful reporting capabilities is required. Today, I would like to talk about our NetFlow Analyzer data filtering capability. Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

I’m sure many of you are familiar with the rise in targeted attacks via the Internet. How can NetFlow or IPFIX be analyzed to detect these types of security breaches:

• Epsilon email theft resulted in thousands of email addresses being stolen.
• Fox theft resulted in employee information being stolen.
• Sony’s credit card theft resulted in the potentially stolen account numbers  of nearly 25 million SOE (Sony’s Online Entertainment division) customers, as well as 77 million more from the PlayStation® Network.

I started thinking about how amazon.com keeps customer credit card information. I’m sure they are under high alert for targeted attacks at all times.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Recently, Sandvine, an Internet service provider in over 85 countries, has published a Spring 2011 Global Internet Phenomena Report on new Internet trends which show a steady increase in the usage of on-demand applications.  In North America, Netflix has become the single largest source of Internet traffic overall. These streaming applications can become a real burden when they start affecting business critical applications; this begs the question, “how can you use NetFlow to identify Netflix traffic?”

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

I think exporting Multicast NetFlow should be wisely thought out when configuring Flexible NetFlow (FnF). Specifically, I’m talking about ingress vs. egress exports. I sometimes make the suggestion to export only egress with multicast flows.

Why only Egress with Multicast Flows
When exporting multicast flows with ingress only, the destination interface on most flows is reported as 0.  Egress flows display the actual destination interface of multicast flows. We don’t need to export both as this will nearly double the volume of flows exported to the collector.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

In Part 1 I talked about how to configure your SonicWALL NetFlow / IPFIX exporting firewall to properly send NetFlow to a 3rd party NetFlow Reporting tool.  Now I want to share with you the information that you can report on with that 3^rd party NetFlow collector. All of this comes with SonicWALL using IPFIX, the proposed standard in NetFlow technology.

Example of reports on SonicWALL IPFIX exports:

• Application Conversations (App Conv)
• Application
• Intrusions
• Spyware
• URLs
• Users
• Viruses

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!