One of the greatest benefits of NetFlow collection for traffic analysis is that we’re provided with the ability to visualize the flow of our network traffic. This is a huge improvement over the traditional method of parsing row after row of big data in a structured table format. As the IoT becomes a reality and traffic volume continues to grow at a consistent rate, we need a way of visualizing this traffic. While we’re provided many graph types that help to convey information through colors, size or position, Plixer is excited to announce the inclusion of its latest graph type, the Sankey Flow Graph!
Until the introduction of flow technologies like NetFlow and the standard called IPFIX, companies relied largely on two technologies. The first was SNMP, which allowed customers to trend different performance metrics for long periods of time. Metrics included interface utilization, interface errors, CPU, memory and much more. The problem with SNMP, however, is that it couldn’t provide details on who and what was causing the traffic, making it nearly useless for isolating network performance problems and investigating security issues. An extension to SNMP called RMON was incorporated into SNMP, but it failed for several reasons.
One of the things that I really like about my position as a Technical Support Representative is that I often work with customers who show me NetFlow configurations on vendor devices that I didn’t know support NetFlow as a monitoring protocol. Plixer’s NetFlow collector has seen it all, and helping other vendors without a doubt keeps us on our toes. Last week I had the opportunity to work with a customer who wanted to get more visibility out of his Viavi Observer GigaStor deployment.
Monitor Pokemon Go Network Traffic
So there I am monitoring my network with NetFlow and a wild application appears! Pokemon GO hit the scene last week and it’s quickly becoming one of the most popular applications to hit networks. Most network professionals are interested in seeing what applications are in their environment and who is using them. In the spirit of catching them all, I set out to find Pokemon GO network traffic with NetFlow.
If you suspect a malware breach and want to investigate the history of a specific host, how do you do it? For most of us, the turn-to technology when needing to forensically investigate nearly any type of network-related traffic pattern is NetFlow or IPFIX. All major routers on the market today support one or both of these flow protocols.
Are you facing a growing communication infrastructure and needing greater insight into all corners of the network? NetFlow has become the turn-to technology for security and network teams who thirst for details on who, what, when and where.
Providing detailed visibility and contextual awareness into network traffic is essential to secure and optimize business operations. While NetFlow and IPFIX reporting have proven to provide these details, sharing this data between multiple vendor applications in an organization can be challenging. Enter the Scrutinizer NetFlow Application Programming Interface (API).
Today I want to talk a little about the Fortiswitch IPFIX configuration on the Fortiswitch-500. As of version 4.0 MR1, the Fortiswitch-500 can export IPFIX to your NetFlow Collector. IPFIX is the standard for flow information exports, hence the name IPFIX (Internet Protocol Flow Information eXport).
Seeing how much traffic is going over an interface is an integral part of every network professional’s daily routine. This information can be used for everything from future planning to troubleshooting. That’s why understanding NetFlow traffic volume and knowing exactly how much bandwidth is being used at any given time is critical.