How to Integrate Network Management Applications with NetFlow Reporting

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Third Party Integration on May 12th, 2010 by Joanne

The question is, how do you integrate the network management application that you have been using forever and the NetFlow traffic monitoring application data that you have recently installed?  NetFlow collection, as we have all learned these last few years, provides more and more insight into not just how much network traffic you have, but what that traffic is.

So we need to be able to seamlessly move from one application to the other.  If your NetFlow traffic analyzer is Scrutinizer version 7, then the following information should be of great interest to you.

How to enable egress NetFlow

Posted in NetFlow, Network Traffic Analysis on March 9th, 2010 by Paul

Working in technical support, I get asked a lot, “I enabled NetFlow on my router, why don’t I see outbound traffic?” This is because NetFlow version 5 only supports ingress flow monitoring and they don’t have NetFlow enabled on all interfaces. In NetFlow v5, outbound traffic is calculated on the idea that what goes in must go out (or stop at the router), so all interfaces must be monitoring ingress traffic to get an accurate representation of outgoing traffic. So, if ingress monitoring has been working great all along, why enable egress monitoring?

Paul


MySQL database repairs itself in Scrutinizer v7

Posted in Scrutinizer on December 22nd, 2009 by Joanne

A common occurrence and cause for data loss in Scrutinizer prior to version 7 has been crashed database tables.  It has also been the subject of many calls to our technical support group. Due to the large amount of NetFlow data received by NetFlow collectors, corrupted database tables can cause a large amount of data loss in a short period of time.

To minimize data loss and support time required to repair the corrupted database tables, in version 7 of our NetFlow and sFlow analyzer, we have introduced the ‘self-healing’ database.

A MySQL database check and repair is run on a regularly scheduled basis, once an hour.  If the database check finds any corrupted database tables, it will attempt the repair.  If it is unable to repair, an alarm will be generated to Scrutinizer to alert you of the corrupted table.

NetFlow and holidays

Posted in NetFlow, Scrutinizer on December 15th, 2009 by Joanne

Since Scrutinizer v7 and the data migration from v6 have been released, we have been just out straight with support, including sending upgrading instructions, assisting with upgrades, helping customers get acclimated to the totally new interface, and troubleshooting the inevitable issues that arise with a new release of code.

So it was with great relief and gratitude to Michael Patterson, President and CEO, and Marc Bilodeau, CIO, that we enjoyed our Christmas company celebration this past Saturday.

Scrutinizer v7.3 – Flow Analytics – Top Flows

Posted in Scrutinizer on December 14th, 2009 by Scottr

A couple of weeks ago I began a series of blogs that introduced you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.

Today I will be introducing you to the fourth of the new analytic tools now available with Scrutinizer v7.3. The Top Flows algorithm utilizes Flow Analytics – Top Flows, and checks to see if hosts involved with large numbers of flows have a large percentage of flows that are incomplete. This is determined by looking at the TCP flags field in each flow record.

If it is a TCP flow record and it does not have the FIN flag set, it could indicate a host that is not able to make a full connection to the host it is trying to reach. This is typical for things like port scans and even P2P applications. Another possibility is that a host just has a misconfigured application that needs to be addressed.


Scrutinizer v7.3 – Flow Analytics – Breach Attempt Violation

Posted in NetFlow, Scrutinizer on December 7th, 2009 by Scottr

Well it looks like our run of nice weather has ended here in Southern Maine. Saturday we had our first snow of the year. It was kind of a nice touch to be at a holiday party and have the snow falling outside. And then to wake up Sunday morning to find that the view outside your window is like that of a Currier and Ives winter print.

A couple of weeks ago I began a series of blogs that introduces you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.

Today I will be introducing you to the third of the four new analytic tools now available with Scrutinizer v7.3. The Breach Attempt Violation looks for many small flows from one source to one destination. This can indicate things such as a “brute force” or “dictionary” attack. 


Packet Loss via Netflow: MFSN

Posted in NetFlow, NetFlow Analyzer, Network Health Report, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer on December 1st, 2009 by Joanne

How do you know whether the NetFlow collector is receiving, let alone saving, all of the NetFlow datagrams that are being sent to it? It is important to know if any flows are missing.

Why do we care?

This is a great question. We care because a loss of flow exports is usually caused by one of three things:

    1. The network dropped some packets
    2. The router can’t keep up
    3. The NetFlow receiver / collector can’t keep up

NetFlow sequence numbers are becoming increasingly important. When building a NetFlow collector it is important that the engine scales while staying accountable. If you look at the NetFlow v9 packet format you will notice something called the package_sequence.


Scrutinizer v7.3 – Flow Analytics – DNS Hits

Posted in Scrutinizer on November 30th, 2009 by Scottr

Let me start by saying, I hope that everyone had a great Thanksgiving. At our house, we fried two turkeys this year. It was the first time that we attempted this, and after reading all the warnings that came with the new fryer, I guess the fact that no one got hurt means that the holiday was a success.

Last week I began a series of blogs that introduce you to the new Flow Analytic tools that are available with Plixer International’s latest NetFlow and sFlow analysis tool, Scrutinizer v7.3.


Scrutinizer v7.3 – Flow Analytics – Nefarious Activity

Posted in NetFlow, NetFlow Analyzer, Scrutinizer on November 23rd, 2009 by Scottr

With the release of Scrutinizer v7.2 last month we offered an upgrade/migration path for those customers running Scrutinizer v6. I have had some customers ask, “Why should we upgrade?” or “What will we gain from Scrutinizer v7 that we don’t have now?”

The updated release of Plixer’s network traffic analyzer last week made the answer to that question very clear.


Overwhelming response to Scrutinizer v7.2

Posted in ASA, NetFlow, NetFlow Analyzer, Network Problem Resolution, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, sFlow on November 10th, 2009 by Joanne

Last week I blogged on Upgrading to Scrutinizer v7.2 NetFlow & sFlow Analyzer.

We have had such an overwhelming response from both existing and potential customers for this version of our network monitoring application that we are now sending the upgrade instructions to customers to allow them to upgrade at their leisure.

It has been very well received, as it now allows customers to schedule their upgrade to non-business hours if necessary. Also, for customers with secure servers without Internet access and unable to allow us to use remote access software (we use GoToMeeting), they can now perform the upgrade on their own and enjoy the new features of Scrutinizer.