NetFlow and sFlow Analytics

What is Flow Analytics™?

Flow Analytics™ is a built-in module that a NetFlow analysis tool uses to perform network behavior analysis. It can trigger alarms for behaviors such as worms, network scanning, and known compromised internet hosts. It can also alert you when a DoS attack is happening, and it can then identify repeat offenders and create a Unique Identifier (UI) to manage traffic counts. Flow Analytics™ can also identify your top applications, conversations, protocols, etc. across dozens of routers and switches.

Flow Analytics™ allows you to store data for more than 24 hours. You can choose to save an infinite amount of NetFlow data history at every interval, so you can go back and identify a problem that occurred 2 weeks ago on your network. Flow Analytics™ also provides automated DNS resolution to help you quickly identify culprits on your network.

What makes Flow Analytics™ incredibly amazing is its ability to look at the NetFlow from multiple routers and switches simultaneously every 5 minutes. Potentially, you can configure hundreds of devices for each algorithm in Flow Analytics™. In this blog post I will show you how to set up Flow Analytics™ and how to start configuring it.

Watch and listen along with Mike on the subject of Flow Analytics™.

Setting up Flow Analytics™

NetFlow behavior analysis

After installing your Network Traffic Analyzer, navigate to the MyView tab at the top of the screen, then to the Flow Analytics tab. This tab comes with the product by default. Here you will find the Flow Analytics Configuration gadget, which is used to start configuring Flow Analytics™. To enable Flow Analytics™, click the first plus sign to the left of Flow Analytics Overall Status and make sure "disable all" is unchecked. Keep in mind that Flow Analytics™ runs each algorithm every 5 minutes, so it may take up to that amount of time for the gadget to come to life.

Analyzing NetFlow Exporters

Now, at the top right of the MyView tab, add the gadget “Devices In Flow Analytics”. This will allow you to add your routers and switches to each algorithm. Select each algorithm from the dropdown menu, then select a router from the exclude section and add it to the include section.

Once you have added your routers and switches, you can start to see the data in each corresponding gadget. Each “Top” algorithm has its own gadget. All violation algorithms share one gadget.
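The post does not describe how the violation algorithms work internally. As an added illustration (not Plixer's code), the sketch below shows the general idea behind a per-algorithm device include list and a 5-minute run: flows from included exporters are bucketed into 5-minute windows, de-duplicated across exporters, and sources that reach many distinct destinations are flagged. The record layout, exporter names, addresses, and threshold are all assumptions.

```python
from collections import defaultdict

WINDOW = 300  # seconds; matches the 5-minute run interval described in the post


def sample_flows():
    """Constructed flow records: (epoch_seconds, exporter, src_ip, dst_ip, dst_port)."""
    flows = []
    # One source touching 30 different hosts on one port, as exported by rtr-a.
    for i in range(30):
        flows.append((1000 + i, "rtr-a", "10.0.0.5", f"10.0.1.{i + 1}", 445))
    # The same conversations also cross rtr-b, so they are exported twice.
    for i in range(30):
        flows.append((1000 + i, "rtr-b", "10.0.0.5", f"10.0.1.{i + 1}", 445))
    # An ordinary client talking to two servers.
    flows.append((1010, "rtr-a", "10.0.0.9", "10.0.2.10", 443))
    flows.append((1020, "rtr-a", "10.0.0.9", "10.0.2.11", 53))
    # Scan-like traffic visible only on sw-lab, a device left in the exclude list.
    for i in range(40):
        flows.append((1000 + i, "sw-lab", "10.0.9.9", f"10.0.3.{i + 1}", 22))
    return flows


def scan_violations(flows, included, threshold=20):
    """Return sorted (window_start, src_ip, distinct_targets) for each source that
    reaches `threshold` distinct (dst_ip, dst_port) pairs inside one window.

    `included` is the set of exporters assigned to this algorithm (hypothetical
    stand-in for the include section of the gadget).
    """
    targets = defaultdict(set)
    for ts, exporter, src, dst, dport in flows:
        if exporter not in included:
            continue  # devices in the exclude section contribute nothing
        window = ts - ts % WINDOW
        # A set keeps one entry per target even when two exporters report the same flow.
        targets[(window, src)].add((dst, dport))
    return sorted(
        (window, src, len(seen))
        for (window, src), seen in targets.items()
        if len(seen) >= threshold
    )


if __name__ == "__main__":
    for row in scan_violations(sample_flows(), {"rtr-a", "rtr-b"}):
        print(row)
```

With only rtr-a and rtr-b included, the activity seen solely by sw-lab never reaches the algorithm, which is why every exporter that carries relevant traffic needs to be moved to the include section.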

NetFlow violations

I hope I was able to help you with setting up Flow Analytics™. In Part 2 I will talk about what each algorithm is and what it means to you.

If you have any questions, please don’t hesitate to contact us!


Jamie Lee

Jamie Lee is the west coast Regional Manager at Plixer. He works with prospects to solve the unique needs of their network and visits existing customers to assist with training. He enjoys developing new partnerships and building long-lasting relationships with his clients. Jamie loves the outdoors and his favorite hobbies include fishing, hiking, and football.
