Recently I’ve had many requests from customers who upgraded to the Catalyst 9500 series and are looking for a NetFlow configuration document. So I’ve put together this guide for configuring FNF (Flexible NetFlow). … [Read more...] about Cisco Catalyst 9500 Flexible NetFlow Configuration
Configuring an ERSPAN within VMware and Cisco Switches
With the ever-growing support for flow exports, the need for probes and port mirroring has become a lot more limited. There are certain environments where it’s a requirement, however, and physically impossible to position a probe near a device that we want to … [Read more...] about Configuring an ERSPAN within VMware and Cisco Switches
NetOps and SecOps Collaboration Solves the Data Silo Problem
In the IT space we are not new to challenges. Some might even say we welcome them and thrive in overcoming hurdles. Each and every department in our IT infrastructure faces their own unique challenges every day. Today I wanted to explore one challenge in … [Read more...] about NetOps and SecOps Collaboration Solves the Data Silo Problem
Scrutinizer SaaS Deployment
Let’s talk about the cloud for a minute. A majority of IT infrastructure has been moving to the cloud over the last few years, and for good reason. The cost-saving benefit, ease of administration and space reduction are all good reasons to move your internal … [Read more...] about Scrutinizer SaaS Deployment
ISPs and Netflix Open Connect
Whether it’s after a long day at work, a rainy weekend, or when a new season of your favorite TV show is released, we’ve all been on a Netflix bender (*cough* Stranger Things *cough*). What we probably don’t think about is how all of that content is being … [Read more...] about ISPs and Netflix Open Connect
Wildcard Mask Filters Within Scrutinizer
While working with users, I’ve noticed scenarios where filtering traffic based on a CIDR or an IP range just isn’t enough control. I wanted to explore another option—wildcard netmask filters! Let’s walk through how they work, and how they can be applied. … [Read more...] about Wildcard Mask Filters Within Scrutinizer
Creating a Network Map
Network Maps provide end-users with a high-level view of what their network topology looks like, as well as how traffic is flowing through your network. Most commonly, I see them used as a quick reference to determine if there’s any link saturation happening. … [Read more...] about Creating a Network Map
Tracking Malware Hidden in Encrypted Traffic
I feel comfortable saying that all of us know what encrypted data is. Web encryption, specifically, has been around for quite some time now. Secure Socket Layer (SSL) did take a long time to be considered widely adopted, however—twenty-two years, to be exact! … [Read more...] about Tracking Malware Hidden in Encrypted Traffic
Network Behavior Analysis and User Behavior
As flow data becomes a growing asset for security analysts, a question arises: “Can I get more context and how do I best leverage this data?” In the security realm, flows are best used to monitor user behavior and network traffic patterns, providing us an … [Read more...] about Network Behavior Analysis and User Behavior
Gigamon IPFIX Configuration
Today I want to take a look at the Gigamon appliance and their IPFIX configuration. Recently I was asked an interesting question: an avid user of Scrutinizer had a very specific element he wanted to collect and monitor. He wanted to trend what SSL version his … [Read more...] about Gigamon IPFIX Configuration
Social Media