Catching a DNS Pirate using a NetFlow Analyzer

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis, Scrutinizer on August 20th, 2010 by scottr

One of the things that sets our NetFlow and sFlow analysis tool apart from our competitors is the dynamic reporting options that exist within our reporting engine.

I had a customer the other day show me how he was using Scrutinizer to catch DNS pirates.

Let’s take a look at how he setup the report filter to do this.



IPv6 Interest Growing

Posted in NetFlow on December 27th, 2009 by mike@plixer.com

As much as I would like to see more companies switch over to IPv6, it isn't going to happen overnight. Like anything involving an expensive migration process, you should ask yourself some questions.
When do businesses need to move to the new system, and what are the advantages of switching over to IPv6? Why make the move? I don't think you have to, but be aware that IPv6 use has grown by 300% over the past 2 years.

Michael Patterson
Scrutinizer Product Manager

Best Practices In Network Behavior Analysis: Part 2 of 2

Posted in NetFlow on December 5th, 2009 by mike@plixer.com

Here is part 1 of this blog.

Detecting DDoS Attacks
A DDoS attack is a tricky monster because it can look like legitimate traffic. We have come up with an algorithm for detecting DDoS attacks that, from our tests, appears to be accurate; we say this because it largely reduces the risk of false positives. It involves flow volumes, byte sizes and standard deviations. Although it is fairly complicated, it will still need modifications as DDoS behavior morphs over time.


Michael Patterson
Scrutinizer Product Manager

Scrutinizer v7.2 Released with Migration from v6

Posted in NetFlow Analyzer on October 29th, 2009 by mike@plixer.com

Scrutinizer v7.2 NetFlow and sFlow Analyzer has been released. A complete log of the updates is on our web site. The migration path from v6.X to v7.2 is also complete. Please contact Plixer at +1 (207) 324-8805 for assistance with the migration.

We are offering 2 webcasts to cover many of the new features for Network Traffic Analysis.

Michael Patterson
Scrutinizer Product Manager

Scrutinizer v7 supports Huawei-3Com NetStream packets

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer on October 27th, 2009 by Jo-G

Scrutinizer NetFlow & sFlow Analyzer from Plixer International can support NetStream packets, developed by Huawei-3Com Co., Ltd (H3C).

Huawei-3Com Co., Ltd (H3C) began operations as a joint venture between Huawei and 3Com in November 2003. In 2006, they officially went their separate ways, with 3Com buying out Huawei’s share in H3C. H3C, as 3Com’s presence in China, continued to prosper, until the non-compete clause that Huawei agreed to ended.


Having trouble with Google Maps on Linux?

Posted in NetFlow Analyzer, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer on August 13th, 2009 by Jo-G

A lot of our blog posts talk about how to identify problems with Cisco NetFlow or how to optimize network performance using our tools. This post isn't about Google Maps in the upcoming Scrutinizer v7. It's about an issue with Google Maps and Linux that I have seen a few times with a few of our customers: some customers cannot view the Google map configured in our NetFlow & sFlow Analyzer.


NetFlow Vs. sFlow – It May Matter To You

Posted in General, Scrutinizer on January 21st, 2009 by mike@plixer.com

Over six months ago we completed a technical review on the differences between sFlow and NetFlow, which was published in NetworkWorld.com. In this review you will find specific reasons why and when to use one or the other.

Because Scrutinizer supports all major versions of sFlow and NetFlow, we don’t need to pick sides on which one is better.  I will say that we periodically get calls from customers wondering why the sFlow statistics from a switch aren’t the same as those reported by NetFlow on the directly connected router.  They are comparing the totals for a specific IP address.

The reason is simple:

  • sFlow samples anything and is network layer independent (e.g. IPX, NetBEUI, IP, etc.)
  • NetFlow accounts for 100% of everything IP based (i.e. not IPX, NetBEUI, etc.)

I would consider this:

  • If your network supports a heterogeneous multiprotocol environment, you might want to consider sFlow switches.
  • If your network supports only IP based traffic, an sFlow or NetFlow switch will do.
  • If you want 100% accuracy on network traffic and accountability, I would select a NetFlow capable switch.  Only Enterasys and Cisco market a NetFlow capable switch.

Questions you may have:
Q: Why don’t more switch vendors support NetFlow at the switch?
A: Usually because of the cost to engineer and implement a NetFlow capable switch.

Q: I heard that sFlow is in hardware, and that NetFlow is in software and causes more overhead for the switch.  Is this true?
A: Yes and no. Cisco routers use software and CPU to export NetFlow, while many switches support NetFlow in hardware.

“The Enterasys Matrix N-Series switches collect NetFlow statistics for every packet in every flow without sacrificing performance based on the nTERA ASIC capabilities. Whether the network is operating at 10/100/1000, Gigabit or 10 Gigabit speeds – the NetFlow data can be leveraged for performance management and network behavioral analysis to ensure the confidentiality, integrity and availability of information.”

Trent Waterhouse, Enterasys Networks, Inc.

Q: How much does it cost for a ‘flow’ capable switch?
A: I’ve seen the following street prices: D-Link DGS-3627 sFlow switches as low as $2600 and Enterasys N1 series NetFlow switches for  ~$15,000.  I would not limit the decision to ‘flow’ support.  Foundry, Juniper, etc. make great flow capable hardware as well. Always evaluate before you buy.

Q: We leverage NetFlow for Network Behavior Analysis (NBA), will sFlow be as useful as NetFlow?
A: Remember, sFlow is sampling, so a host that scans a subnet is not as likely to be picked up by analyzing sFlow samples as it is with NetFlow; and it may not matter.  Most switches today are performing NBA at the switch, which we cover in our white paper.
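The sampling point above is easy to see on a constructed packet stream. This added example (not code from the post or from Scrutinizer) counts the same packets two ways: every packet, as NetFlow does, and 1-in-N random sampling with byte scaling, as sFlow does, at an assumed rate of 1 in 64. A host that sends one small packet to each of 200 destinations crosses an assumed distinct-destination threshold under full accounting but not under sampling, and the per-host byte totals differ, which is the mismatch customers ask about.

```python
"""Constructed comparison of full per-packet accounting (NetFlow-style) with
1-in-N packet sampling (sFlow-style) on one synthetic packet stream.
Added example, not code from the post or from Scrutinizer."""
import random
from collections import defaultdict

SAMPLE_RATE = 64      # assumed sFlow sampling rate: 1 packet in 64
SCAN_THRESHOLD = 50   # assumed NBA rule: more than 50 distinct destinations per source

def build_packets(seed=1):
    """Constructed stream of (src, dst, bytes): one busy transfer host plus a
    quiet host that sends a single small packet to each of 200 destinations."""
    pkts = [("10.1.1.10", "10.1.1.20", 1400)] * 5000
    pkts += [("10.1.1.99", "10.1.2.%d" % (i + 1), 60) for i in range(200)]
    random.Random(seed).shuffle(pkts)
    return pkts

def account(pkts, rate=1, seed=7):
    """rate=1: every packet is counted (NetFlow). rate>1: keep each packet with
    probability 1/rate and scale its bytes by rate (sFlow estimate)."""
    rng = random.Random(seed)
    byts, dsts = defaultdict(int), defaultdict(set)
    for src, dst, size in pkts:
        if rate == 1 or rng.randrange(rate) == 0:
            byts[src] += size * rate
            dsts[src].add(dst)
    return dict(byts), {s: len(d) for s, d in dsts.items()}

def scan_suspects(dst_counts, threshold=SCAN_THRESHOLD):
    """Sources whose distinct-destination count exceeds the NBA threshold."""
    return {src for src, n in dst_counts.items() if n > threshold}

def compare(seed=1):
    """Run both accounting methods over the same stream and summarize."""
    pkts = build_packets(seed)
    full_bytes, full_dsts = account(pkts)
    est_bytes, est_dsts = account(pkts, SAMPLE_RATE)
    return {
        "full_bytes": full_bytes, "sampled_bytes": est_bytes,
        "full_suspects": scan_suspects(full_dsts),
        "sampled_suspects": scan_suspects(est_dsts),
    }

if __name__ == "__main__":
    r = compare()
    for host in ("10.1.1.10", "10.1.1.99"):
        print(host, "full:", r["full_bytes"][host],
              "sampled estimate:", r["sampled_bytes"].get(host, 0))
    print("scan suspects  full:", r["full_suspects"],
          " sampled:", r["sampled_suspects"])
```

The busy host's sampled byte total lands near the true figure because it sends thousands of packets; the quiet host is counted in multiples of 60 × 64 bytes or not at all, and its 200 destinations almost never survive sampling.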

Bottom Line

NetFlow or sFlow support should be on the list of features to consider, along with SNMP and NMS integration, when purchasing your next switch. We feel that a best-of-breed solution is the ideal investment for your company. If you have other questions, just call me at (207) 324-8805.

Michael Patterson
Scrutinizer Product Manager