Nagios is one of the more popular free network monitoring solutions that can be upgraded to a commercial version.  For years this community has depended on 3rd party NetFlow Analysis tools as a best of breed approach to a complete solution. Recently, Nick Scott at Nagios announced Nagios Network Analyzer which provides basic support for NetFlow v5, v7 and v9 however, it lacks support for all of the unique elements that can be exported by Flexible NetFlow and IPFIX.   What does this mean?

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

What is NetFlow Telemetry for Network Traffic Monitoring?  It’s a type of automated measurement that provides visibility into your network that is provided by NetFlow, sFlow, or IPFIX.

NetFlow Telemetry can incorporate not only great reporting, but also intrusion and network threat detection.  The key differentiator is ‘automation’.  Our network threat detection is automated: Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Do you remember exactly what you were doing July 26th? If you were at Plixer’s FlowFest 2011 you were eating fresh Maine lobster after a successful day of Advanced NetFlow Training™!

What’s that you say? You were cleaning the garage instead? If you weren’t able to attend this year, no worries, there’s always next year! FlowFest is a premiere NetFlow training event, hosted annually in the beautiful coastal town of Wells, Maine. (Thanks to everyone for the pictures!)

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Are you interested in learning more about Cisco NetFlow collection?  We have two upcoming webinars available.  Each webcast will cover a variety of topics to get you the information you need.

We’ll discuss reporting on Top Domains to find out who is hitting them (such as MySpace, Ebay, and others).  Learn how to use NetFlow to pinpoint latency of applications, servers, and end systems.  Discuss what open source NetFlow software is appropriate for your business, or when to move from open source to an enterprise class NetFlow Analysis Solution. Read more »

The other day my colleagues at the technical support desk and I were talking about different aspects of network analysis and an interesting question came up:

When you use a NetFlow collecting appliance, what function do you use more, the reporting or the behavior analysis function?

Between all of us, we couldn’t come up with a definitive answer.

At Plixer, we have designed our NetFlow and sFlow Analysis Tool to provide the best custom reporting engine on the market today, supporting leading edge technologies like the Cisco ASA, Flexible NetFlow, IPFIX, and NBAR. With a single mouse click you can select from over 20 predefined report filters. Anything from top hosts, applications, and conversations, to traffic volume and flow volume reports.

But it gets better!

We are soon to be releasing Scrutinizer v8. Version 8 includes a number of new report filters including a dashboard report that lets you see a number of different reports for an interface on a single view.

Scrutinizer with Flow Analytics is one of the few NetFlow and sFlow solutions that combines network traffic analysis with continuous network behavior monitoring.

The Flow Analytics function within Scrutinizer includes dozens of algorithms that detect malware such as botnets, worms, and other threats. It interrogates every flow from your exporting devices for suspicious traffic patterns and anomalies. All flows across selected flow sending devices are monitored at all times. While antivirus solutions help catch infections on computers, Flow Analytics looks for problems that are already underway (e.g. DDoS, network scans, nefarious activity, etc.) on the internal network.

The Flow Expert view on the MyView tab lets you see what’s going on across your network on a single dashboard view. The Threats Overview gadget shows you a count of the occurrences that have been found for each algorithm, and a click on the alarm takes you directly to the Alarm tab to view the details for that particular alert.

Since we are in the election season I figured that I would pass the question on to you.

 Loading ...

If you are looking for a new network traffic analysis tool, or have any questions about Scrutinizer, give me a call – (207)324-8805

-Scott

One thing I have noticed is, depending on what customers are using our network analysis tool for, they are often interested in retaining different volumes of collected network traffic information. This is usually a factor of whether they are interested in recent data or both recent and older data. In either case, having the right archiving configuration is crucial. In How is NetFlow data stored in scrutinizer? Part 1, we saw how data archiving worked in Scrutinizer. In part 2, I would like to focus on Scrutinizer historical data configuration. Read more »

Defrag your hard drive!

As mentioned in Scott’s blog,  “Getting the most from your NetFlow and sFlow Analysis Tool“, disk fragmentation can be the primary cause for slow performance in running NetFlow reports.

Due to the large volume of data stored when collecting NetFlow packets, disk I/O may already be pushed to the limits on your server.  Add to that a highly fragmented disk drive and you might as well go hang out at the water cooler while you wait for your report to run.

Here’s an example of an extremely fragmented disk:

As Scott mentioned in his blog, “With hard drives, blue is a good thing, red is bad. Ideally we would want to see mostly blue and white.”

But, on the other hand,  if you don’t have anything better to do with your time, if using Scrutinizer has so streamlined your network monitoring that you need to slow your day down a bit, then please, leave your disk fully fragmented and take a break!

Otherwise, if you prefer your Netflow reporting to complete in your lifetime, then defrag!

And in the spare time that you now have to kill, you can monitor excessive Facebook traffic and other odd traffic patterns on your network, or read our blogs to learn how to enable Flexible NetFlow, or give us a call to find out what else our NetFlow solution can do for you.

- Joanne

If you are seeking a good understanding of NetFlow, or a better understanding of how it can be enabled, configured, and analyzed, the “Commercial NetFlow Applications” chapter from the book Digital Forensics for Network, Internet, and Cloud Computing can be a great resource.  Written by Mike Patterson of Plixer International, Inc., the chapter details NetFlow and explains how you can capitalize on its utilization. Read more »

Has your company adopted a social media policy yet?  Social Networking sites such as Facebook, Twitter, and MySpace are increasingly being considered threats for at least a couple big reasons:  security risks and traffic risks.

Use of social medias at work can pose security risks to the company’s intellectual property through an employee’s personal communication habits.  On occasion, attackers assume the identity of someone who hasn’t actually joined sites like facebook.  Then the attacker determines who this person’s friends or schoolmates are and sends friend requests.  Once befriended, the attacker has personal information of users and can make targeted attacks.  Social engineering tactics like this can be very effective, especially when they get users to start sharing URLs leading to malicious sites or spoofs of actual businesses such as your local bank.  In some countries, criminals are not banned from using sites like facebook when they are incarcerated, as The Washington Times recently reported.

Use of social medias at work can also pose network traffic problems for the company.  Read more »

You’re in the market for a NetFlow Traffic Analyzer.  What are the key features that you’re looking for?  What makes one NetFlow analyzer stand out from the rest?  Do you have a list of “must haves”?

Such as support for Flexible NetFlow, IPFIX reporting, portable network maps?  How about automated NetFlow configuration on your routers and switches?  Is customization of the web interface important to you?  Multiple language support critical?
Read more »