Inbound traffic that is captured and exported as NetFlow by your NAT router only shows that the destination of the inbound internet traffic is your external IP address. But what if you want to know what private host initiated that traffic? Today, I’d like to go over how Plixer Scrutinizer can report on this traffic and expose the internal address of this traffic.
The process of setting up a new network map has changed a bit in the newest Plixer Scrutinizer v19.1.0 release. Today, I’d like to go over setting up a new network map and configuring new connections between map objects.
As a conversation is observed by a NetFlow-capable device, metadata about that conversation, such as source and destination addresses, source and destination port numbers, and packet sizes, is stored in a cache on the device until a timeout is reached, then exported to a NetFlow collector to be used for reporting later. I’d like to talk about the information collected and how long the device will hold that information in the cache.
With the newest release, version 19.0.0, I’d like to go over how Plixer Scrutinizer’s UI has changed to make finding data easier. There are a few new ways to accomplish the same tasks in the newest release that differ from versions 18.20 and under. This blog will cover how to accomplish some common workflows in the new UI, and how to navigate to the data you need even faster than before.
Today I want to talk about how to deploy a Flowpro Virtual Appliance. With the Flowpro Virtual Appliance, you can get that visibility into network traffic where exporting flow data is not natively available from devices. I want to go through the steps of deploying the Flowpro Virtual Appliance.
How many companies out there are monitoring DNS traffic? Are you concerned about data exfiltration over DNS? How many people even know that is possible? These are questions I get to ask customers, and the response I get is the same with everyone. Not very many companies monitor their DNS traffic.
Today I want to talk a little about the Fortiswitch IPFIX configuration on the Fortiswitch-500. As of version 4.0 MR1, the Fortiswitch-500 can export IPFIX to your NetFlow Collector. IPFIX is the standard for flow information exports, hence the name IPFIX (Internet Protocol Flow Information eXport).
With the exhaustion of IPv4 addresses, the need to switch to IPv6 is inevitable and has been for many years. As your company makes the switch to IPv6, don’t forget your NetFlow collector’s IPv6 support. I’m not only talking about the ability of your NetFlow collector to report on IPv6 conversations, but also the ability to collect NetFlow sent in IPv6 packets.
Detecting Tor traffic will help identify possible infections on your network. It keeps the eyes of your network team open to different types of malware that utilize Tor for disguising its intent end location. Tor not only encrypts its traffic, but also disguises its traffic as HTTPS communications, thus making NetFlow/IPFIX a valuable asset in setting this traffic apart from normal HTTPS traffic that we all know is on the network.