A few years ago, we added a behavioral algorithm to Plixer Scrutinizer that looked at all the flow data that was collected and determined if there was possible ICMP tunneling taking place. That algorithm alarmed if it determined that packet sizes were abnormal for ICMP traffic from a Windows or Linux platform.
Read moreAuthor: Scott
Scott provides Pre Sales Technical Support to the Sales team at Plixer. Scott comes from a technical support background, having years of experience doing everything from customer account management to system programming. Some of his interests include coaching youth sports programs here in Sanford, playing drums and guitar in local jam bands, and playing in neighborhood lawn dart tournaments.
How to avoid NetFlow sampling
As resource demands and bandwidth speeds in many of today’s network infrastructures continue to increase, many network administrators believe that NetFlow sampling is the only way to deal with the high flow volume sent across the network. In fact, setting a NetFlow sample rate of 1 in 100 can cut flow volumes as much as 50%.
Read moreTroubleshooting NetFlow over VPN tunnel
I was working with a customer last week who had configured NetFlow on four of their Cisco routers. They had applied basically the same configuration to each of the routers, but only saw exported flows from three of them arrive at the collector.
Read moreCan your network survive the coronavirus lockdown?
Lately, I have seen an increase in support calls regarding the increase in bandwidth consumption and the degradation of application performance seen when employees started working from home because of the coronavirus outbreak.
Read moreWhich NetFlow collection process is better: duplicated or deduplicated NetFlow?
Questions regarding deduplicated NetFlow often come up when beginning to research NetFlow solutions. This blog will address some of the reasons why deduplication might not be the best way to go.
Read moreIs there a way to track and locate a private host behind NAT routers?
A common question that has been coming up on product demonstrations over the last few weeks is, using NetFlow, is there a way to track and locate a private host IP address behind my NAT routers?
Read moreCisco Catalyst 9400 NetFlow configuration
I am seeing a lot more of the Cisco Catalyst 9400 switches at my customer sites these days. I have also had a number of requests for configuration help. I figured that I would take this opportunity to walk through the Cisco Catalyst 9400 NetFlow configuration, and provide a sample reference document for you.
There is not much new here on configuring NetFlow. If you are familiar with the 3850 NetFlow configuration, it is very much the same.
Read moreWatchGuard NetFlow Configuration
“Does my WatchGuard firewall support NetFlow?” Customers who have WatchGuard firewalls have asked me this question many times over the years.
The answer is YES! We can finally put WatchGuard on the list of firewalls that support flow technologies.
Using Host Indexing to Investigate IP Addresses
I want to introduce you to a very cool, very powerful search function for investigating IP Addresses.
We talk all the time about how NetFlow and IPFIX technologies fit very well in the behavior analysis side of a layered security solution.
NetFlow is a feature that provides the ability to collect IP network traffic as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine things such as the source and destination of traffic, class of service, and causes of congestion (if any).
Palo Alto Networks: NetFlow Reporting and Username Correlation
A few years ago, I wrote a blog that talked about how our Palo Alto NetFlow reporting allows network administrators to easily identify traffic trends occurring on the network. The application and username correlation reporting has proved to be extremely value to our customers using Palo Alto Networks as their firewall platforms.
Since then, we have added another reporting and analaysis dimension in regard to the Palo Alto NetFlow. We now use the username visibility to provide global username correlation to any IP address seen on any network device, anywhere on the network.
