Sometimes you see a name flash across your screen that draws your attention.  A few months ago I had one that did just that. When I decided to visit London I knew it was an attraction that I needed to see.

I use the term “amateur horticulturist” loosely when describing one of my hobbies. I am still in the beginning steps of building a self-contained, hydroponic garden and fish farm powered by Arduino. By “beginning steps” I mean that I have a lot of bookmarks and interesting YouTube videos.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Join the NetFlow Developments group on LinkedIn.

With the release of  ”The Sphere” this week,  once again we bring traffic reporting to another level. Among several new features that Scrutinizer 8.0 comes with, the Sphere is my favorite.   It provides a view of your network traffic in an interactive spherical image with the ability to selectively look at specific talkers and who they are talking to.

We take a lot of pride in our NetFlow innovations and industry firsts. Here is a list of some of the technologies we were the first to support in the NetFlow industry: Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

One thing I have noticed is, depending on what customers are using our network analysis tool for, they are often interested in retaining different volumes of collected network traffic information. This is usually a factor of whether they are interested in recent data or both recent and older data. In either case, having the right archiving configuration is crucial. In How is NetFlow data stored in scrutinizer? Part 1, we saw how data archiving worked in Scrutinizer. In part 2, I would like to focus on Scrutinizer historical data configuration. Read more »

Defrag your hard drive!

As mentioned in Scott’s blog,  “Getting the most from your NetFlow and sFlow Analysis Tool“, disk fragmentation can be the primary cause for slow performance in running NetFlow reports.

Due to the large volume of data stored when collecting NetFlow packets, disk I/O may already be pushed to the limits on your server.  Add to that a highly fragmented disk drive and you might as well go hang out at the water cooler while you wait for your report to run.

Here’s an example of an extremely fragmented disk:

As Scott mentioned in his blog, “With hard drives, blue is a good thing, red is bad. Ideally we would want to see mostly blue and white.”

But, on the other hand,  if you don’t have anything better to do with your time, if using Scrutinizer has so streamlined your network monitoring that you need to slow your day down a bit, then please, leave your disk fully fragmented and take a break!

Otherwise, if you prefer your Netflow reporting to complete in your lifetime, then defrag!

And in the spare time that you now have to kill, you can monitor excessive Facebook traffic and other odd traffic patterns on your network, or read our blogs to learn how to enable Flexible NetFlow, or give us a call to find out what else our NetFlow solution can do for you.

- Joanne

Our NetFlow and sFlow Analyzer receives  data collected over a 1 minute time interval  per flow, and can store up to 100 000 conversations (flows) per device. One limitation in NetFlow monitoring today is the amount of disk space needed to store the collected network traffic information. Especially, if one’s intent is to hold on to that information  for a certain period of time. In this blog I will try to help you understand how Scrutinizer archives data. In addition I will talk about the NetFlow Calculator, which can be a helpful tool for estimating the disk space needed on your NetFlow analyzer server. Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

There is no doubt that flow technology is revolutionizing network monitoring. In this  NetFlow/J-Flow/IPFIX/sFlow era, there is no need to settle with only knowing utilizations on the network. Besides, little analysis can be done in monitoring bandwidth only anyways.

Scott wrote a blog earlier that made a valid point: “A Network Administrator’s abilities are only as good as his awareness of what happens on his network.” In harmony with that statement, it’s beneficial to have useful tools to be able to collect that traffic information.

Recently, I learned that J-Flow is supported for the Juniper SRX series Gateways. I thought this might be good information for people who want to start monitoring flows on this type of device, especially our NetFlow and sFlow Analyzer users, since it can also process J-Flow packets. Below are some sample commands taken from Juniper’s Knowledge Base which walks you through your J-Flow configuration. Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Has your company adopted a social media policy yet?  Social Networking sites such as Facebook, Twitter, and MySpace are increasingly being considered threats for at least a couple big reasons:  security risks and traffic risks.

Use of social medias at work can pose security risks to the company’s intellectual property through an employee’s personal communication habits.  On occasion, attackers assume the identity of someone who hasn’t actually joined sites like facebook.  Then the attacker determines who this person’s friends or schoolmates are and sends friend requests.  Once befriended, the attacker has personal information of users and can make targeted attacks.  Social engineering tactics like this can be very effective, especially when they get users to start sharing URLs leading to malicious sites or spoofs of actual businesses such as your local bank.  In some countries, criminals are not banned from using sites like facebook when they are incarcerated, as The Washington Times recently reported.

Use of social medias at work can also pose network traffic problems for the company.  Read more »

Okay, back to the basics. We’ve been working with Cisco NetFlow technology for many years now, but what is NetFlow?

NetFlow is a traffic profile monitoring technology developed by Darren Kerr and Barry Bruins at Cisco Systems, back in 1996. At that time, network monitoring mostly consisted of seeing how much traffic was traversing your network, but did not include what that traffic was.
Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

A couple weeks ago a customer reported an issue where, apparently, our NetFlow and sFlow Analyzer was not seeing traffic from Vyatta Core 6. This being the second time the issue is reported to us, I was encouraged to talk about it.

In general, whether it is a collector issue or an exporter issue, from a tech support view point, I would say that the Scrutinizer web interface does a great job signaling what might be preventing proper network traffic analysis. This customer’s Scrutinizer web  interface seemed to be saying: “There are flows coming from Vyatta, but there is nothing to report on”. Whenever he restarted the Netflow collector, everything would work well for a short period of time, then in the Scrutinizer web interface, while the Vyatta widget would  still be green, indicating that it is eventually sending netflow, its interfaces would turn yellow (no data to report for this interface) for a few hours before the collector completely stops.

What we found

His Vyatta was sending NetFlow packets that were not properly constructed. Looking at their content, we found that they did not contain flow information, but packet headers only, which gives Scrutinizer nothing to report on.

Recommendations

Unfortunately I am not a Vyatta expert. If you are experiencing a similar issue, I recommend consulting the Vyatta community, or try other software base routing/firewall systems such as nProbe, pfsense, Quagga,etc. I can’t tell you much about pfsense or Quagga; however, once in a while we get calls from nProbe users, it supports NetFlow and seems to work well for them.

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Lawrence Technological University is among Michigan’s largest independent colleges and also Michigan’s first completely wireless laptop campuses, as well as one of the largest wireless networks in the Midwest.

This recently published case study demonstrates how successful network traffic analysis can be performed using NetFlow reporting with Scrutinizer NetFlow Analyzer. Monitoring NetFlow exported from devices such as Cisco ASA’s, routers, switches, and numerous other NetFlow compatible devices simplifies the task of managing your network, whether wired or, in LTU’s case, fully wireless.

Read more »