Our NetFlow and sFlow Analyzer receives  data collected over a 1 minute time interval  per flow, and can store up to 100 000 conversations (flows) per device. One limitation in NetFlow monitoring today is the amount of disk space needed to store the collected network traffic information. Especially, if one’s intent is to hold on to that information  for a certain period of time. In this blog I will try to help you understand how Scrutinizer archives data. In addition I will talk about the NetFlow Calculator, which can be a helpful tool for estimating the disk space needed on your NetFlow analyzer server. Read more »

Daniel Senga
Tech Support
Follow me on Twitter

Such a dilemma, when it comes to Autonomous System NetFlow exports, which do you prefer: peer-as or origin-as?  If you don’t care about Autonomous System reports, you still just might find this post interesting.  I’ll try to keep you captivated!

Autonomous System
First of all, what is an Autonomous System? Within the Internet, an Autonomous System (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet. A single ISP can support multiple Autonomous Systems Numbers (ASN). The ASNs supported by the ISP are advertised via their Internet router using the BGP Protocol. So what is BGP?

Read more »

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter

If you’re a faithful follower of our blogs, then you are familiar with the “samplicator” described in Michael Patterson’s “Free NetFlow Forwarder or NetFlow Duplicator” blog from May 29th, 2010.

If you’re not familiar with this NetFlow Forwarder application and you have the need for exporting NetFlow packets to multiple (unlimited!) collectors, then you must read his blog.

With switches or routers that do not support NetFlow export to more than one NetFlow collector, or if you have the need to export to more than the typical two collectors, the samplicator is an ideal solution.

Configuration is quick and easy and, if using the config file to list source (exporters) and destinations (collectors), extremely scalable.

Read more »

This is part 3 of a 3 part series.  Part 1 and part 2 covered other topics.  In the third NetFlow lab we studied the traffic from a VoIP connection.   

Read more »

Michael Patterson
Scrutinizer Product Manager

We want to work in more Cisco BGP reporting in Scrutinizer NetFlow Analyzer and I need some help.  I need some NetFlow packet captures with BGP information. Can you send me one?

Read more »

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter

Has your company adopted a social media policy yet?  Social Networking sites such as Facebook, Twitter, and MySpace are increasingly being considered threats for at least a couple big reasons:  security risks and traffic risks.

Use of social medias at work can pose security risks to the company’s intellectual property through an employee’s personal communication habits.  On occasion, attackers assume the identity of someone who hasn’t actually joined sites like facebook.  Then the attacker determines who this person’s friends or schoolmates are and sends friend requests.  Once befriended, the attacker has personal information of users and can make targeted attacks.  Social engineering tactics like this can be very effective, especially when they get users to start sharing URLs leading to malicious sites or spoofs of actual businesses such as your local bank.  In some countries, criminals are not banned from using sites like facebook when they are incarcerated, as The Washington Times recently reported.

Use of social medias at work can also pose network traffic problems for the company.  Read more »

This is part 2 of a 3 part series.  Part 1 can be found here. In the second NetFlow lab we did a HTTP Comparison using my web browser and going to a common web site.  I wanted to see what kind of traffic occured when I visited the front page of llbean.com without clicking on anything.  How many packets were transfered and how many flows were created? 

Read more »

Michael Patterson
Scrutinizer Product Manager

You’re in the market for a NetFlow Traffic Analyzer.  What are the key features that you’re looking for?  What makes one NetFlow analyzer stand out from the rest?  Do you have a list of “must haves”?

Such as support for Flexible NetFlow, IPFIX reporting, portable network maps?  How about automated NetFlow configuration on your routers and switches?  Is customization of the web interface important to you?  Multiple language support critical?
Read more »

Introduction
I spent some time ago comparing packet traces to Cisco NetFlow using our network bandwidth monitoring tool ‘Scrutinizer’.  I setup 3 scenarios where I captured the actual packets with Wireshark and captured the NetFlow datagrams with our NetFlow collector.  In this 3 part series, the details from these three labs will be explained:

Read more »

Michael Patterson
Scrutinizer Product Manager

Okay, back to the basics. We’ve been working with Cisco NetFlow technology for many years now, but what is NetFlow?

NetFlow is a traffic profile monitoring technology developed by Darren Kerr and Barry Bruins at Cisco Systems, back in 1996. At that time, network monitoring mostly consisted of seeing how much traffic was traversing your network, but did not include what that traffic was.
Read more »