Getting the most from your NetFlow and sFlow Analysis Tool

Posted in Scrutinizer on March 5th, 2010 by scottr

At Plixer International’s Technical Support desk we often take calls in support of our NetFlow and sFlow analysis tool that deal with disk space and disk performance issues. In the world of NetFlow and sFlow collector appliances, the name of the game is to have sufficient available disk space and minimize disk I/O.

Best Practices in Egress NetFlow Reporting

Posted in NetFlow, NetFlow Analyzer, Network Traffic Monitor, Scrutinizer on January 27th, 2010 by mike@plixer.com

Have you heard about exporting egress NetFlow? Do you want to know why it is different from ingress NetFlow or more importantly, when to implement it for network traffic monitoring? I’ll cover this topic in today’s blog.

Michael Patterson
Scrutinizer Product Manager

Using NetFlow to see user defined Application Groups in Scrutinizer

Posted in NetFlow, NetFlow Analyzer, Scrutinizer on January 4th, 2010 by scottr

Since the release of the latest version of our NetFlow and sFlow analysis tool, I have been blogging about some of the new features that are available.

One of the new report features available gives you the ability to filter on conversations and show user defined applications that were involved in those conversations.


Scrutinizer v7.3 – Flow Analytics – Top Flows

Posted in Scrutinizer on December 14th, 2009 by scottr

A couple of weeks ago I began a series of blogs that introduced you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.

Today I will be introducing you to the fourth of the new analytic tools now available with Scrutinizer v7.3. The Top Flows algorithm utilizes Flow Analytics – Top Flows, and checks to see if hosts involved with large numbers of flows have a large percentage of flows that are incomplete. This is determined by looking at the TCP flags field in each flow record.

If it is a TCP flow record and it does not have the FIN flag set, it could indicate a host that is not able to make a full connection to the host it is trying to reach. This is typical for things like port scans and even P2P applications. Another possibility is that a host just has a misconfigured application that needs to be addressed.


Scrutinizer v7.3 – Flow Analytics – Breach Attempt Violation

Posted in NetFlow, Scrutinizer on December 7th, 2009 by scottr

Well it looks like our run of nice weather has ended here in Southern Maine. Saturday we had our first snow of the year. It was kind of a nice touch to be at a holiday party and have the snow falling outside. And then to wake up Sunday morning to find that the view outside your window is like that of a Currier and Ives winter print.

A couple of weeks ago I began a series of blogs that introduces you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.

Today I will be introducing you to the third of the four new analytic tools now available with Scrutinizer v7.3. The Breach Attempt Violation looks for many small flows from one source to one destination. This can indicate things such as a “brute force” or “dictionary” attack. 


Scrutinizer v7.3 – Flow Analytics – DNS Hits

Posted in Scrutinizer on November 30th, 2009 by scottr

Let me start by saying, I hope that everyone had a great Thanksgiving. At our house, we fried two turkeys this year. It was the first time that we attempted this, and after reading all the warnings that came with the new fryer, I guess the fact that no one got hurt means that the holiday was a success.

Last week I began a series of blogs that introduce you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.


Using NetFlow to tell if your network is part of a botnet, Part 2

Posted in IT News, NetFlow, NetFlow Analyzer, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Security on August 19th, 2009 by NewsTrax

This is the final part in a two-part blog series on using Cisco NetFlow to identify if your network is part of a botnet. Part 1 gave a quick overview of distributed denial of service (DDoS) attacks and how they’re often caused by botnets flooding Web sites with requests, thus making the Web site inaccessible to others.

It’s not just home computers that could be part of botnets. Any work computer could be compromised if users unwittingly download malware or visit malicious Web sites, putting corporate networks at risk. How can Cisco NetFlow be used to identify DDoS attacks?

NetFlow IP Groups idea in Scrutinizer v7

Posted in NetFlow, NetFlow Analyzer, Network Traffic Monitor, Scrutinizer, sFlow on May 21st, 2009 by mike@plixer.com

I’m playing with Application Groups in Scrutinizer v7 where you can define ranges of ports and IP addresses to define applications. Seems I can also use it for IP Grouping:

[Image: scrut7appgrppie]

Notice the above is a bi-directional trend which can be more useful than pie charts, but we do both:

[Image: scrut7appgrptrend]

The above of course is support for Cisco NetFlow, sFlow, IPFIX, jflow, etc. It’s all network traffic monitoring using ‘flows’.

Michael Patterson
Scrutinizer Product Manager