NetFlow Vs. Packet Capture

Posted in General, IPFIX, NetFlow on September 22nd, 2016 by mike@plixer.com

Until the introduction of flow technologies like NetFlow and the IPFIX standard, companies relied largely on two technologies. The first was SNMP, which allowed customers to trend different performance metrics over long periods of time. Metrics included interface utilization, interface errors, CPU, memory and much more. The problem with SNMP, however, is that it couldn’t provide details on who and what was causing the traffic, making it nearly useless for isolating network performance problems and investigating security issues. An extension to SNMP called RMON was later incorporated, but it failed for several reasons.


Michael Patterson
Founder and CEO

Adding Context to Detection with Netflow

Posted in application aware netflow, network behavior analysis, network threat detection on September 21st, 2016 by Jennifer Maher

Adding Context to Detection with Application Aware NetFlow

Today’s cyber threats are becoming more and more sophisticated. The M-Trends 2016 cyber security report highlights two new trends from the past year. First, more system breaches were made public in the news media. Second, the attackers came from a wider range of locations and their goals were more varied. These attackers disrupted business, stole personal information, and invaded routing and switching infrastructure. The report states, “Disruptive attacks are likely to become an increasing trend given the high impact and low cost…in that they can cause a significant and disproportionate amount of damage without requiring attackers to possess large amounts of resources or technical sophistication.” How do we stay vigilant against these unpredictable and ever-changing tactics? The answer is adding context to detection with the flow data you are already collecting.


Ecessa NetFlow support in Scrutinizer

Posted in software defined network on September 14th, 2016 by Jimmyd

Today I’m going to write about a company named Ecessa. If you haven’t heard of them before, they have a long history of building networking hardware for businesses. Since the inception of the company, one of their primary goals has been to ensure reliable and resilient Internet connectivity.

Jimmy D the Netflow Detective

Gigamon IPFIX Configuration

Posted in IPFIX, netflow configuration on September 8th, 2016 by Jeff

Today I want to take a look at the Gigamon appliance and its IPFIX configuration. Recently I was asked a rather interesting question. An avid user of Scrutinizer had a very specific element he wanted to collect and monitor. He wanted to trend which SSL version his internal servers are currently running, as well as the most common version his users encounter in the wild. Now, immediately my mind goes to decryption or deep packet inspection. I know that with a bit of work we could accomplish this using our FlowPro, which already does DPI. But wait, is there a simpler way? That’s right: among other elements, Gigamon includes SSL information in its IPFIX exports! That’s very exciting.


Now, I’ve never had any hands-on time configuring or playing with a Gigamon appliance. I will say that the configuration differs a bit from what you may be used to if you mainly enable NetFlow on Cisco devices. Let’s take a look at how to turn NetFlow on and start reporting on some of these awesome exports!


Jeff Morrison

Linux NetFlow Collector

Posted in Network Traffic Analysis, Network Traffic Monitor on August 31st, 2016 by Travis Sjurseth

So you are thinking of delving into the world of Linux NetFlow collectors, but do not quite know where to begin. Well, we would like to help you with that.

Before we get into the different solutions available, I have a few recommendations to keep in mind:

  • First, while open source may come with the idea of “free”, it is wise to remember that there is always a cost for everything. Yes, the software may be free, but training and/or hiring an individual with expertise in the system will have a cost in both time and money.
  • Second, and along the same lines as the above, support. Will you have to rely on community support (which can be great), or does your chosen solution come with its own support staff (usually adding a price)?
  • Third, how do you feel about the command line? While Linux solutions are commonly more stable, they are command-line driven, which can be a bit of a headache for the uninitiated.
  • Fourth, commercial solutions generally far outpace the free solutions in both performance and rich feature sets.
