As a conversation is observed by a NetFlow-capable device, metadata about that conversation such as source and destination addresses, source and destination port numbers, and packet sizes are stored in a cache on the device until a timeout is reached, then exported to a NetFlow collector to be used for reporting later. I’d like to talk about the information collected and how long the device will hold that information in the cache.
Read moreAuthor: Ryan Slosser
My name is Ryan. I work in development here at Plixer. I mostly deal with hardware deployment. I enjoy kayaking and fishing during the summer and skiing in the winter. People can count on me and I always give 100% unless I'm donating blood.
Plixer Scrutinizer new UI changes
Posted on - by Ryan Slosser
With the newest release of version 19.0.0, I’d like to go over how Plixer Scrutinizer’s UI has changed to make finding data easier. There are a few new ways to accomplish the same tasks in the newest release that differ from the version 18.20 and under. This blog will cover how to accomplish some common workflows in the new UI, and how to navigate to the data you need even faster than before.
Read moreHow to deploy a Flowpro Virtual Appliance
Posted on - by Ryan Slosser
Today I want to talk about how to deploy a Flowpro Virtual Appliance. With the Flowpro Virtual Appliance, you can get that visibility into network traffic where exporting flow data is not natively available from devices. I want to go through the steps of deploying the Flowpro Virtual Appliance.
Data Exfiltration over DNS
Posted on - by Ryan Slosser
How many companies out there are monitoring DNS traffic? Are you concerned about data exfiltration over DNS? How many people even know that is possible? These are questions I get to ask customers, and the response I get is the same with everyone. Not very many companies monitor their DNS traffic.
Fortiswitch IPFIX Configuration
Posted on - by Ryan Slosser
Today I want to talk a little about the Fortiswitch IPFIX configuration on the Fortiswitch-500. As of version 4.0 MR1 the Fortiswitch-500 can export IPFIX to your NetFlow Collector. IPFIX is the standard for flow information exports, hense the name IPFIX (Internet Protocol Flow Information eXport).
Baselining Network Traffic
Posted on - by Ryan Slosser
What is baselining network traffic? Why worry about baselining network traffic and Is this used for network security? These are the questions I want to answer today and how you can start baselining network traffic with the use of NetFlow/IPFIX.
NetFlow Collector IPv6 Support
Posted on - by Ryan Slosser
With the exhaustion of IPv4 addresses, the need to switch to IPv6 is inevitable and has been for many years. As your company makes the switch to IPv6, don’t forget NetFlow collector’s IPv6 support. I’m not only talking about the ability of your NetFlow collector to report on IPv6 conversations, but also the ability to collect NetFlow sent in IPv6 packets.
Detecting Tor Traffic
Posted on - by Ryan Slosser
Detecting TOR traffic will help identify possible infections on your network. It keeps the eyes of your network team open to different types of malware that utilize Tor for disguising its intent end location. Tor not only encrypts its traffic, but also disguises its traffic as HTTPS communications thus making NetFlow/IPFIX a valuable asset in setting this traffic apart from normal HTTPS traffic that we all know is on the network.
How a Rogue DHCP Server Works
Posted on - by Ryan Slosser
I’d like to take the time to go through the steps on how a rogue DHCP server works. The more you know about man-in-the-middle attacks, the better you will be at uncovering the infections. Scott wrote a blog a few weeks ago that went into some more detail about detecting a rogue DHCP server and symptoms that you may be infected. I want to hit on how that activity works.
Network Abuse and Policy Observance
Posted on - by Ryan Slosser
I’m no network administrator, but I know that monitoring network abuse and policy observance is imperative to keeping a network safe. After writing my last blog on incident response system guidelines, I received a few emails about going more in depth using custom data correlation and thresholds. It can be difficult finding the information you want before you even know you want it. Would you like to know that the phone is about to ring because of a possible infection or that the network is about to become slow? Now, no one can tell the future but having a little more insight using NetFlow and IPFIX data will help predict a possible issue.
